Adding --no-check-certificate to yum repositories
I have added virtio-win.repo according to this guide. The content of /etc/yum.repo.d/virtio-win.repo is now
[virtio-win-stable]
name=virtio-win builds roughly matching what was shipped in latest RHEL
baseurl=
enabled=1
skip_if_unavailable=1
gpgcheck=0
[virtio-win-latest]
[virtio-win-source]
The last two [] have similar options as the first (which are not my problem). Now, when I run yum makecache, I get this error
[Errno 14] problem making ssl connection
I tried running wget manually, but it recommends that I add --no-check-certificate to wget, which will solve the problem.
I want to know how I can add that option in /etc/yum.repo.d/virtio-win.repo.
4 Answers
For one repo you can add the following in the repo configuration:
sslverify=0
For all repos, you can add the following to "/etc/yum.conf":
sslverify=false
4
On CentOS 7.5, running this worked:
yum-config-manager --save --setopt=<REPONAME>.sslverify=false
The SSL check is there for a reason. It is really dangerous to disable the SSL certificate check. I prefer this approach: one of my customers' environments is not set up properly, where the SSL certificate of the proxy server signs every SSL cert of every site. To verify that this is the problem, I run
curl
It fails, so get the certificate with one command using openssl-client
openssl s_client -showcerts -servername -connect > cacert.pem
The big file has the server cert in the middle; copy it and save it to a new file, which we will call mycert.pem. The cert starts with Begin Certificate, and ends with End of Certificate
Let's test it to verify
curl --cacert mycert.pem
If it works, then the problem is resolved. All we need to do is add it to the repository that curl uses as its trusted repository. To get the location of the certificates, do the following
strace curl |& grep open
Lots of output, but right near the end I see: open("/etc/ssl/certs/578d5c04.0", O_RDONLY) = 4
Which is where my certificates are stored. Then simply append the file obtained earlier.
echo "#Added by me, the client's certificate" >> /etc/pki/tls/certs/ca-bundle.crt
cat mycert.pem >> /etc/pki/tls/certs/ca-bundle.crt
Then test again with curl, now without the certificate as an option
curl
It should get the certificate.
On CentOS 6, you need to update nss
yum update nss
The error "... [Errno 14] problem making ssl connection" no longer occurs
2
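The first two answers switch off sslverify, and the repo in the question already has gpgcheck=0; a repo with both off gives yum no way to authenticate what it downloads. The following is an added example, not taken from any of the posts: a shell function (the name audit_yum_verification and its output format are made up here) that lists repo sections where either check is effectively disabled, taking [main] defaults from yum.conf into account.

```shell
# Added example: list yum repo sections whose TLS or GPG verification is off.
# audit_yum_verification [REPO_DIR] [MAIN_CONF]  (hypothetical helper name)
audit_yum_verification() (
    repo_dir=${1:-/etc/yum.repos.d}
    main_conf=${2:-/etc/yum.conf}
    [ -r "$main_conf" ] || main_conf=/dev/null
    set -- "$repo_dir"/*.repo
    [ -e "$1" ] || exit 0          # no repo files: nothing to report
    awk '
    # yum treats 0/false/no (any case) as "disabled"
    function off(v) { v = tolower(v); return (v == "0" || v == "false" || v == "no") }
    # Emit a finding for the section just finished, then reset per-section state
    function flush(   s, g) {
        if (sec == "main") {       # [main] supplies defaults for every repo
            if (ssl != "") def_ssl = ssl
            if (gpg != "") def_gpg = gpg
        } else if (sec != "") {
            s = (ssl != "") ? ssl : def_ssl
            g = (gpg != "") ? gpg : def_gpg
            if (off(s) || off(g))
                printf "%s [%s] sslverify=%s gpgcheck=%s%s\n", file, sec,
                    (off(s) ? "off" : "on"), (off(g) ? "off" : "on"),
                    ((off(s) && off(g)) ? " UNAUTHENTICATED" : "")
        }
        sec = ""; ssl = ""; gpg = ""
    }
    # Built-in yum defaults when nothing is set: sslverify on, gpgcheck off
    BEGIN { def_ssl = "1"; def_gpg = "0" }
    FNR == 1 { flush(); file = FILENAME }
    { sub(/\r$/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }
    /^[#;]/ || /^$/ { next }
    /^\[.*\]$/ { flush(); sec = substr($0, 2, length($0) - 2); next }
    {
        i = index($0, "="); if (!i) next
        k = tolower(substr($0, 1, i - 1)); v = substr($0, i + 1)
        gsub(/[ \t]/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
        if (k == "sslverify") ssl = v
        if (k == "gpgcheck") gpg = v
    }
    END { flush() }
    ' "$main_conf" "$@"
)
```

Run it with no arguments on a host to check /etc/yum.repos.d against /etc/yum.conf; a line ending in UNAUTHENTICATED marks a repo that verifies neither the server nor the packages.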