View Issue Details

Jump to NotesJump to History
IDProjectCategoryView StatusDate SubmittedLast Update
0000664elrepo mirroring/distribution--mirroring-- otherpublic2016-06-30 08:122018-03-02 11:31
Reporterwelsh Assigned Totoracat  
PrioritynormalSeverityminorReproducibilityalways
Status assignedResolutionopen 
Summary0000664: https://mirrors.elrepo.org has certificate issue
DescriptionSorry, I don't know if this the proper location for this issue, but trying to utilize the https://mirrors.elrepo.org address instead of http://mirrors.elrepo.org for proxy reasons. There seems to be a certificate issue.

According to Firefox:
mirrors.elrepo.org uses an invalid security certificate. The certificate is only valid for the following names: www.elrepo.org, elrepo.org Error code: SSL_ERROR_BAD_CERT_DOMAIN

Chrome produces this error:
Your connection is not private
Attackers might be trying to steal your information from mirrors.elrepo.org (for example, passwords, messages, or credit cards). NET::ERR_CERT_COMMON_NAME_INVALID
TagsNo tags attached.

Relationships

related to 0000832 assignedstindall [RFE] HTTPS for mirrors.elrepo.org 

Activities

toracat

2016-06-30 09:08

administrator   ~0004812

Can you try using https://elrepo.org/mirrorsdir/ instead of https://mirrors.elrepo.org ?

Not sure where we have used "mirrors.elrepo.org" but it actually points to elrepo.org/mirrorsdir/ .

pjwelsh

2016-06-30 10:30

reporter   ~0004815

Sure I can make the change.

The file "/etc/yum.repos.d/elrepo.repo" from package elrepo-release-7.0-2.el7.elrepo.noarch contains:
mirrorlist=http://mirrors.elrepo.org/mirrors-elrepo.el7
and I was trying to get it to use https instead.

pperry

2016-06-30 11:17

administrator   ~0004816

The cert wasn't ever intended to cover mirrors.elrepo.org over https.

We only introduced https on elrepo.org to facilitate the initial secure download and import of the elrepo RPM package signing key.

https://www.elrepo.org/tiki/key

Once the key has been securely downloaded, verified and imported, packages may then be safely downloaded over non-secure channels and checked/verified with our public key.

The primary reason mirrors.elrepo.org exists as a subdomain is to allow easy redirection and load balancing within DNS.

That said, when we next renew our cert it makes sense to add mirrors.elrepo.org to the list of subdomains included, so thanks for highlighting it.

Issue History

Date Modified Username Field Change
2016-06-30 08:12 welsh New Issue
2016-06-30 08:12 welsh Status new => assigned
2016-06-30 08:12 welsh Assigned To => toracat
2016-06-30 09:08 toracat Note Added: 0004812
2016-06-30 10:30 pjwelsh Note Added: 0004815
2016-06-30 11:17 pperry Note Added: 0004816
2018-03-02 10:57 pperry Relationship added related to 0000832
2018-03-02 11:26 burakkucat Category --wiki--OTHER-- => --wiki--request-for-enhancement--
2018-03-02 11:28 burakkucat Project elrepo wiki => elrepo mirroring/distribution
2018-03-02 11:31 burakkucat Category --wiki--request-for-enhancement-- => --mirroring-- other