Attempts to activate an SLE 10 SPx system (Server or Desktop) returns a curl error 60

This document (7010008) is provided subject to the disclaimer at the end of this document.

Environment

SUSE Linux Enterprise Desktop 10 Service Pack 1
SUSE Linux Enterprise Desktop 10 Service Pack 2
SUSE Linux Enterprise Desktop 10 Service Pack 3
SUSE Linux Enterprise Server 10 Service Pack 1
SUSE Linux Enterprise Server 10 Service Pack 2
SUSE Linux Enterprise Server 10 Service Pack 3
SUSE Linux Enterprise Server 10 Service Pack 4

Situation

While attempting to activate a SLE 10 SPx machine (Server or Desktop) the activation attempt returns the following error:

In YaST Novell Customer Configuration Center:

Error
An error occurred while connecting to the server.

Hitting details shows the following:

Execute curl command failed with '60':
curl: (60) SSL certificate problem, verify that the CA cert is OK. Details:
error: 14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
More details here ...

Using suse_register from the command line returns:

Execute curl command failed with '60':
curl: (60) SSL certificate problem, verify that the CA cert is OK. Details:
error: 14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
More details here ...

Resolution

Novell is in the process of switching digital certificate providers and current builds of SLE 10 SPx do not have certificate bundles that contain a certificate matching the new certificate provider.  While this problem should be corrected via a future update (ie an update to the SLE 10 certificate bundles) it is possible to add the certificates to the bundle manually.  This can be done using the following method:

For SLE 10 SP1, SP2, and SP3 do the following:

1. Download the updated openssl-certs rpm using the following link:

http://download.novell.com/Download?buildid=skZqrMD23yc~

2. Install the rpm using

rpm -Uvh openssl-certs-0.8.0-0.10.1.noarch.rpm

3. type c_rehash
4. Attempt to activate the system.

This solution will resolve the problem with suse_register, however, curl will still get a 60 error when run against https://secure-www.novell.com/home/.  While this will NOT affect activations or migrations curl is still used to debug communication issues with activations.  To fix the issue with curl please use the following steps:

1. First make a backup copy of the /usr/share/curl/curl-ca-bundle.crt file

In a terminal as root type:

cp /usr/share/curl/curl-ca-bundle.crt /usr/share/curl/curl-ca-bundle.crt.sav

2.Download the following file (right click and select save link as) and save it to /usr/share/curl over writing the copy that is already there

http://support.novell.com/products/desktop/curl-ca-bundle.crt

3. Test the new cert file by typing 

curl -v https://secure-www.novell.com/home/

For SLE 10 SP4 please follow the steps described in this TID:

TID # 7012549 - SLE 10 SP4 Activation returns invalid certificate received from server


Additional Information


Disclaimer

This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:7010008
  • Creation Date: 13-Jan-2012
  • Modified Date:03-Mar-2020
    • SUSE Linux Enterprise Desktop
    • SUSE Linux Enterprise Server

< Back to Support Search

For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback@suse.com

SUSE Support Forums

Get your questions answered by experienced Sys Ops or interact with other SUSE community experts.

Join Our Community

Support Resources

Learn how to get the most from the technical support you receive with your SUSE Subscription, Premium Support, Academic Program, or Partner Program.


SUSE Customer Support Quick Reference Guide SUSE Technical Support Handbook Update Advisories
Support FAQ

Open an Incident

Open an incident with SUSE Technical Support, manage your subscriptions, download patches, or manage user access.

Go to Customer Center