Menu

Virtual Geek

Tales from real IT system administrators world and non-production environment

VMware UMDS curl_easy_perform() failed: cURL Error: SSL peer certificate or SSH remote key was not OK, SSL certificate problem: unable to get local issuer certificate

After configuring VMWware UMDS (VMware Update Manager download service) in my environment, which downloads patches/update from online VMware repositories, I tried downloading patches/updates.but I was receiving below errors for multiple urls. (There are default 4 online VMware repositories from where UMDS tries download patches/fixes).

[root@centos01 bin]# ./usr/local/vmware-umds/bin/vmware-umds -D
Starting download of updates ...
INFO -   Executing download job {22727488}, url=https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml
ERROR -   curl_easy_perform() failed: cURL Error: SSL peer certificate or SSH remote key was not OK, SSL certificate problem: unable to get local issuer certificate
ERROR -   [backtrace begin] product: VMware vSphere Update Manager Download Service, version: 7.0.0, build: build-15952383, tag: vmware-down loadService, cpu: x86_64, os: linux, buildType: release backtrace[00] libvmacore.so[0x002ECAC5] backtrace[01] libvmacore.so[0x0019D635]: Vma                  core::System::Stacktrace::CaptureFullWork(unsigned int) backtrace[02] libvmacore.so[0x0018F3A9]: Vmacore::System::SystemFactory::CreateBackt                  race(Vmacore::Ref&) backtrace[03] umds[0x00161D4B] backtrace[04] umds[0x001620CA] backtrace[05] umds[0x0016249C]                   backtrace[06] umds[0x0015DBC0] backtrace[07] umds[0x0015F8AF] backtrace[08] umds[0x0016052A] backtrace[09] libvmacore.so[0x0022C942] backtr                  ace[10] libvmacore.so[0x002319B6] backtrace[11] libvmacore.so[0x002AAB54] backtrace[12] libpthread.so.0[0x00007E65] backtrace[13] libc.so.6[                  0x000FE88D] backtrace[14] (no module) [backtrace end]
ERROR -   Executing download job {22727488} throws error: curl_easy_perform() failed: cURL Error: SSL peer certificate or SSH remote key was not OK, SSL certificate problem: unable to get local issuer certificate
INFO -   Download failed but destination file /tmp/vcioUNphO exists and is valid. Ignoring error
INFO -   Download job {22727488} finished, bytes downloaded = 0
*********************************************
Downloaded 0 updates, Download size: 0 MB
*********************************************

vmware-umds -D VMware Update Manager Download Service (UMDS) vsphere esxi ssl peer certificate or ssh remote key was not  curl_easyperfom() traceback download patch failed.png

To resolve this issue edit downloadconfig.xml UMDS configuration file, under /usr/local/vmware-umds/bin, and make all the HTTPS urls to HTTP. Save the file. Configuration looks like below. VMware Update Manager download service fails to download files from HTTPS repositories

usr local vmware-umds bin downloadConfig.xml proxy configuration port proxyport proxyserver esx4xupdateuril hostconfig contentsettings vmware update manager service lifecycle manager.png

Rerun command ./vmware-umds -D, download will start. Once updates download is completed it shows how many updates it downloaded and its size.

vmware-umds VMware Update Manager Download Service (UMDS) etc photon-release download patches info vmw-esxi metadata.zip embeddedesx intl download patch job lifecycle manager.png

As above updates download over HTTP protocol another way to resolve the issue is using below configuration. Another method is replacing the included libcurl.so.4 library module with symbolic link pointing to the one currently on the vCenter server appliance.
     $ mv /usr/local/vmware-umds/lib/libcurl.so.4 /usr/local/vmware-umds/lib/libcurl.so.4.backup
     $ ln -s /usr/lib64/libcurl.so.4 /usr/local/vmware-umds/lib/libcurl.so.4

Useful Articles
VMWARE VSPHERE UPDATE MANAGER (VUM) - IMPORTING ESXI ISO AND CREATE UPGRADE BASELINE 
VMWARE VSPHERE UPDATE MANAGER (VUM) - UPGRADE ESXI OS 
ESXi 6.0 update offline bundle via esxcli commandline: DependencyError VIB bootbank requires VSAN ImageProfile
ESXi 6.5 upgrade bundle via command line: No Space Left On Device Error

Go Back

Comment

Blog Search

Page Views

12273456

Follow me on Blogarama