Launching soon: The world's first vendor agnostic bug scrubLearn more & join waitlist
OPERATIONAL DEFECT DATABASE
...
...
when using UMDS 6.5 to download patches within RedHat Linux Enterprise Linux system (RHEL), UMDS is unable to download from the VMware online depots over HTTPS repositories.When attempting to download updates with Update Manager Download Service 6.5 on a RHEL 7.x system, you see a message similar to: [root@umds ~]# /usr/local/vmware-umds/bin/vmware-umds -DINFO -izing connection poolINFO - ed to DSN OKINFO - ring sequencesINFO - ing database versionStartingdownload of updates ...INFO - ng download job {140674137613632}, url=https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xmlERROR - y_perform() failed: cURL Error: Peer certificate cannot be authenticated with given CA certificates, SSL certificate problem: unable to get local issuer certificateERROR - g download job {140674137613632} throwserror: curl_easy_perform() failed: cURL Error: Peer certificate cannot be authenticated with given CA certificates, SSL certificate problem: unable to get local issuer certificateINFO - d failed but destination file /tmp/vcinO6QQA exists and is valid. Ignoring errorINFO - d job {140674137613632} finished, bytes downloaded = 0 In /var/log/vmware/vmware-updatemgr/umds/vmware-downloadService-log4cpp.log, you see entries similar to: 2017-06-08 06:17:44:473 'DownloadMgr' 140675026552576 INFO] [downloadMgr, 601] Executing download job {140674137613632}, url=https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml[2017-06-08 06:17:44:474 'httpDownload' 140675026552576 DEBUG] [httpDownloadPosix, 354] GetEasy() needs to allocate new CURL[2017-06-08 06:17:44:548 'httpDownload' 140675026552576 DEBUG] [httpDownloadPosix, 167] * Trying 2001:559:19:988f::2ef...[2017-06-08 06:17:44:548 'httpDownload' 140675026552576 DEBUG] [httpDownloadPosix, 167] * Immediate connect fail for 2001:559:19:988f::2ef: Network is unreachable[2017-06-08 06:17:44:548 'httpDownload' 140675026552576 DEBUG] [httpDownloadPosix, 167] * Trying 2001:559:19:9884::2ef...[2017-06-08 06:17:44:548 'httpDownload' 140675026552576 DEBUG] [httpDownloadPosix, 167] * Immediate connect fail for 2001:559:19:9884::2ef: Network is unreachable[2017-06-08 06:17:44:548 'httpDownload' 140675026552576 DEBUG] [httpDownloadPosix, 167] * Trying 184.25.207.49...[2017-06-08 06:17:44:562 'httpDownload' 140675026552576 DEBUG] [httpDownloadPosix, 167] * Connected to hostupdate.vmware.com (184.25.207.49) port 443 (#0)[2017-06-08 06:17:44:563 'httpDownload' 140675026552576 DEBUG] [httpDownloadPosix, 167] * ALPN, offering http/1.1[2017-06-08 06:17:44:563 'httpDownload' 140675026552576 DEBUG] [httpDownloadPosix, 167] * Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH[2017-06-08 06:17:44:563 'httpDownload' 140675026552576 DEBUG] [httpDownloadPosix, 167] * successfully set certificate verify locations:[2017-06-08 06:17:44:563 'httpDownload' 140675026552576 DEBUG] [httpDownloadPosix, 167] * CAfile: none[2017-06-08 06:17:44:563 'httpDownload' 140675026552576 DEBUG] [httpDownloadPosix, 167] CApath: /etc/ssl/certs[2017-06-08 06:17:44:584 'httpDownload' 140675026552576 DEBUG] [httpDownloadPosix, 167] * SSL certificate problem: unable to get local issuer certificate[2017-06-08 06:17:44:584 'httpDownload' 140675026552576 DEBUG] [httpDownloadPosix, 167] * Closing connection 0[2017-06-08 06:17:44:584 'httpDownload' 140675026552576 ERROR] [httpDownloadPosix, 606] curl_easy_perform() failed: cURL Error: Peer certificate cannot be authenticated with given CA certificates, SSL certificate problem: unable to get local issuer certificate[2017-06-08 06:17:44:585 'DownloadMgr' 140675026552576 ERROR] [downloadMgr, 627] Executing download job {140674137613632} throws error: curl_easy_perform() failed: cURL Error: Peer certificate cannot be authenticated with given CA certificates, SSL certificate problem: unable to get local issuer certificate Note: The preceding log excerpts are only examples. Date, time, and environmental variables may vary depending on your environment. Running curl manually against the reported URL pulls down the XML file without issue.Adding the Intermediate CA and Root CA certificates to /etc/ssl/certs results in no change in behavior.
The issue is caused when CA certificates are stored in different places in different operation systems. UMDS source code uses a way to find out CA certificates for Ubuntu rather than RHEL.
This issue is resolved in vCenter Server 6.5 U2, available at VMware Downloads.
To workaround this issue:Option 1 Open downloadConfig.xml file from /usr/local/vmware-umds/bin.Update the urls from https to http in HostConfig. Option 2Replace the included libcurl.so.4 library module with a symbolic link pointing to the one currently on the system. $ mv /usr/local/vmware-umds/lib/libcurl.so.4 /usr/local/vmware-umds/lib/libcurl.so.4.backup$ ln -s /usr/lib64/libcurl.so.4 /usr/local/vmware-umds/lib/libcurl.so.4