Problem scenario: You are running a yum command and get this error:
"[Errno 14] Peer cert cannot be verified or peer cert invalid. Trying other mirror..."
The SSL certificate is not being verified. One solution would be to ensure the Linux server you are running the yum command on has the correct SSL cert.
Another solution would be to modify the /etc/yum.conf file. Add this entry as the lowest stanza in the [main] section: sslverify=false
This second solution (immediately above) is not a best practice. But behind a firewall that blocks Internet access, it is a configuration that some Linux administrators use without too much risk. Use it with caution if your environment does not have an intrusion detection system and firewall because you do not want to apply Linux patches from an unverified source. It is inadvisable to use this "sslverify=false" stanza on an important server that has access to the Internet. This setting on /etc/yum.conf applies to all repos on the server. The default setting, when this stanza is omitted, on modern RedHat versions has the equivalent effect of having a "sslverify=true" stanza. The .repo files in /etc/yum.repos.d/ can be granularly managed. To set a .repo file to false, use this similar stanza with no quotes: "sslverify=0".
Advertisement: Interested in a new position working with Linux (e.g., as a Devops Engineer or a Systems Administrator)? Email sales [at] americandevops [dot] com.