Registration aborts with ERROR: SSL peer certificate or SSH md5 fingerprint was not OK

This document (7009789) is provided subject to the disclaimer at the end of this document.

Environment

Subscription Management Tool for SUSE Linux Enterprise 11
Subscription Management Tool for SUSE Linux Enterprise 10
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Server 10

Situation

The registration of a system against a SMT server fails with one of the following error message (as per suse_register.log):

[...]
ERROR: SSL peer certificate or SSH md5 fingerprint was not OK: (51)

[...]
ERROR: SSL peer certificate or SSH remote key was not OK: (51)

On the client that is running the clientSetup4SMT.sh script only the error "Download failed. Abort." is displayed.

Resolution

The certificate which was imported using the clientsetup4SMT.sh script does not match the DNS name of the SMT server the client is about to register to. Please follow TID 7006024 - How to recreate SMT 11 CA and server certificate to create a CA and server certificate for the SMT server.

Additional Information

If this issue is experienced, please check the previous output of clientSetup4SMT.sh and check for which server this certificate was issued:

test4:/tmp # ./clientSetup4SMT.sh --host smt.test.site
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            xx:xx:xx:xx:xx:xx:xx:xx
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=DE, CN=YaST Default CA (test4)/emailAddress=postmaster@test4
        Validity
            Not Before: Aug  5 16:24:25 2011 GMT
            Not After : Aug  2 16:24:25 2021 GMT
        Subject: C=DE, CN=YaST Default CA (test4)/emailAddress=postmaster@test4
[...]
            X509v3 Authority Key Identifier:
                keyid:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx
                DirName:/C=DE/CN=YaST Default CA (test4)/emailAddress=postmaster@test4
                serial:xx:xx:xx:xx:xx:xx:xx:xx
[...]

In this case the client was told to register with smt.test.site but the certificate was issued for test4.test.site.

This issue is experienced in particular if the SMT server was cloned from a template on which the CA and server certificate was already configured.

Disclaimer

This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:7009789
  • Creation Date: 23-Nov-2011
  • Modified Date:03-Mar-2020
    • Subscription Management Tool
    • SUSE Linux Enterprise Server

< Back to Support Search

For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback[at]suse.com

SUSE Support Forums

Get your questions answered by experienced Sys Ops or interact with other SUSE community experts.

Join Our Community

Support Resources

Learn how to get the most from the technical support you receive with your SUSE Subscription, Premium Support, Academic Program, or Partner Program.


SUSE Customer Support Quick Reference Guide SUSE Technical Support Handbook Update Advisories
Support FAQ

Open an Incident

Open an incident with SUSE Technical Support, manage your subscriptions, download patches, or manage user access.

Go to Customer Center