SUSE Support

Here When You Need Us

Client server access repositories with HTTP response: 500

This document (000021016) is provided subject to the disclaimer at the end of this document.

Environment

SUSE Linux Enterprise Server for SAP Applications 15 SP2
SUSE Manager Proxy 4.3

Situation

When the client-server requests access to any repository from the Suse Manager via the Suse Manager Proxy, it gets a 500 Internal Server Error: 
#==[ Command ]======================================# # /usr/bin/zypper --non-interactive --no-gpg-checks patches Problem retrieving files from 'vit_sles_sap15_sp2-prod-SLE-Manager-Tools15-Pool for x86_64 SAP SP2'. Download (curl) error for 'https://ProxyFQDN:443/rhn/manager/download/vit_sles_sap15_sp2-prod-sle-manager-tools15-pool-x86_64-sap-sp2/repodata/repomd.xml?eyJhbGciOiJIUzI1NiJ9.eyJleHAiOjE2ODEwNDEyOTYsImlhdCI6MTY0OTUwNTI5NiwibmJmIjoxNjQ5NTA1MTc2LCJqdGkiOiJabnE1ak1LQUNyLXNVSU1PTVQ3MEl3Iiwib3JnIjoxLCJvbmx5Q2hhbm5lbHMiOlsidml0X3NsZXNfc2FwMTVfc3AyLXByb2Qtc2xlLW1hbmFnZXItdG9vbHMxNS1wb29sLXg4Nl82NC1zYXAtc3AyIl19.dqU7UyB0yMD1C0F1AKhwLPkDSdlARdoSF_GoudEw3MI': Error code: HTTP response: 500 Error message: The requested URL returned error: 500 Internal Server Error

SUSE Manager Proxy server reports "Unable to read certificate file /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT" error message: 
#==[ Log File ]=====================================#
# /var/log/apache2/error_log - Last 500 Lines
[Tue Mar 14 17:10:07.204529 2023] [wsgi:error] [pid 2626] [client 10.250.106.53:20980] 
[Tue Mar 14 17:10:07.205030 2023] [wsgi:error] [pid 2626] [client 10.250.106.53:20980] mod_wsgi (pid=2626): Exception occurred processing WSGI script '/usr/share/rhn/wsgi/xmlrpc.py'.
[Tue Mar 14 17:10:07.205218 2023] [wsgi:error] [pid 2626] [client 10.250.106.53:20980] Traceback (most recent call last):
[Tue Mar 14 17:10:07.205262 2023] [wsgi:error] [pid 2626] [client 10.250.106.53:20980]   File "/usr/share/rhn/proxy/apacheServer.py", line 62, in __call__
[Tue Mar 14 17:10:07.205266 2023] [wsgi:error] [pid 2626] [client 10.250.106.53:20980]     ret = f(req)
[Tue Mar 14 17:10:07.205270 2023] [wsgi:error] [pid 2626] [client 10.250.106.53:20980]   File "/usr/share/rhn/proxy/apacheHandler.py", line 367, in handler
[Tue Mar 14 17:10:07.205271 2023] [wsgi:error] [pid 2626] [client 10.250.106.53:20980]     ret = handlerObj.handler()
[Tue Mar 14 17:10:07.205275 2023] [wsgi:error] [pid 2626] [client 10.250.106.53:20980]   File "/usr/share/rhn/proxy/broker/rhnBroker.py", line 297, in handler
[Tue Mar 14 17:10:07.205276 2023] [wsgi:error] [pid 2626] [client 10.250.106.53:20980]     self._connectToParent()  # part 1
[Tue Mar 14 17:10:07.205280 2023] [wsgi:error] [pid 2626] [client 10.250.106.53:20980]   File "/usr/share/rhn/proxy/rhnShared.py", line 145, in _connectToParent
[Tue Mar 14 17:10:07.205281 2023] [wsgi:error] [pid 2626] [client 10.250.106.53:20980]     self.responseContext.getConnection().connect()
[Tue Mar 14 17:10:07.205285 2023] [wsgi:error] [pid 2626] [client 10.250.106.53:20980]   File "/usr/lib/python3.6/site-packages/rhn/connections.py", line 209, in connect
[Tue Mar 14 17:10:07.205286 2023] [wsgi:error] [pid 2626] [client 10.250.106.53:20980]     self.sock = SSL.SSLSocket(sock, self.trusted_certs)
[Tue Mar 14 17:10:07.205290 2023] [wsgi:error] [pid 2626] [client 10.250.106.53:20980]   File "/usr/lib/python3.6/site-packages/rhn/SSL.py", line 63, in __init__
[Tue Mar 14 17:10:07.205291 2023] [wsgi:error] [pid 2626] [client 10.250.106.53:20980]     self.add_trusted_cert(f)
[Tue Mar 14 17:10:07.205294 2023] [wsgi:error] [pid 2626] [client 10.250.106.53:20980]   File "/usr/lib/python3.6/site-packages/rhn/SSL.py", line 89, in add_trusted_cert
[Tue Mar 14 17:10:07.205296 2023] [wsgi:error] [pid 2626] [client 10.250.106.53:20980]     raise ValueError("Unable to read certificate file %s" % file)
[Tue Mar 14 17:10:07.205306 2023] [wsgi:error] [pid 2626] [client 10.250.106.53:20980] ValueError: Unable to read certificate file /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT

Resolution

Please double-check whether RHN-ORG-TRUSTED-SSL-CERT displays on /usr/share/rhn/ directory from the Suse Manager Proxy server: 
# ll /usr/share/rhn/
|-rw------- 1 root root 1743 May 24 2022 RHN-ORG-PRIVATE-SSL-KEY 
# ll /etc/pki/trust/anchors/RHN-ORG-TRUSTED-SSL-CERT
|-rw-r--r-- 1 root root 1526 Mar 14 16:50 /etc/pki/trust/anchors/RHN-ORG-TRUSTED-SSL-CERT

The '/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT' is supposed to be a symlink to /etc/pki/trust/anchors/RHN-ORG-TRUSTED-SSL-CERT. You can execute the following command to resolve the issue. 
# ln -s /etc/pki/trust/anchors/RHN-ORG-TRUSTED-SSL-CERT /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT

# ll /usr/share/rhn/ 
|-rw------- 1 root root 1743 May 24 2022 RHN-ORG-PRIVATE-SSL-KEY 
|-rwxrwxrwx 1 root root  47 Mar  8 10:22 RHN-ORG-TRUSTED-SSL-CERT -> /etc/pki/trust/anchors/RHN-ORG-TRUSTED-SSL-CERT

Disclaimer

This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:000021016
  • Creation Date: 15-Mar-2023
  • Modified Date:20-Mar-2023
    • SUSE Manager Proxy

< Back to Support Search

For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback[at]suse.com

tick icon

SUSE Support Forums

Get your questions answered by experienced Sys Ops or interact with other SUSE community experts.

Join Our Community
tick icon

Support Resources

Learn how to get the most from the technical support you receive with your SUSE Subscription, Premium Support, Academic Program, or Partner Program.

Support FAQ
tick icon

Open an Incident

Open an incident with SUSE Technical Support, manage your subscriptions, download patches, or manage user access.

Go to Customer Center