SSL connect attempt failed error

While working on one of clients server I was getting below error while updating cpanel license in server

root@hoskb [~]# /usr/local/cpanel/cpkeyclt
Updating cPanel license…Done. Update Failed!
Error message:
Transition to SSL failed: SSL connect attempt failed error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

also while debugging did try yum update

however I got an error as well

root@host113 [~]# yum update
Loaded plugins: fastestmirror, rhnplugin
Traceback (most recent call last):
File “/usr/bin/yum”, line 29, in ?
yummain.user_main(sys.argv[1:], exit_code=True)
File “/usr/share/yum-cli/yummain.py”, line 309, in user_main
errcode = main(args)
File “/usr/share/yum-cli/yummain.py”, line 157, in main
base.getOptionsConfig(args)
File “/usr/share/yum-cli/cli.py”, line 187, in getOptionsConfig
self.conf
File “/usr/lib/python2.4/site-packages/yum/__init__.py”, line 665, in <lambda>
conf = property(fget=lambda self: self._getConfig(),
File “/usr/lib/python2.4/site-packages/yum/__init__.py”, line 254, in _getConfig
self.plugins.run(‘init’)
File “/usr/lib/python2.4/site-packages/yum/plugins.py”, line 179, in run
func(conduitcls(self, self.base, conf, **kwargs))
File “/usr/share/yum-plugins/rhnplugin.py”, line 124, in init_hook
login_info = up2dateAuth.getLoginInfo()
File “/usr/share/rhn/up2date_client/up2dateAuth.py”, line 222, in getLoginInfo
login()
File “/usr/share/rhn/up2date_client/up2dateAuth.py”, line 190, in login
li = server.up2date.login(systemId)
File “/usr/share/rhn/up2date_client/rhnserver.py”, line 64, in __call__
raise up2dateErrors.SSLCertificateVerifyFailedError()
up2date_client.up2dateErrors.SSLCertificateVerifyFailedError: The SSL certificate failed verification.
e/rhn/up2date_client/rhnserver.py”, line 64, in __call__
raise up2dateErrors.SSLCertificateVerifyFailedError()
up2date_client.up2dateErrors.SSLCertificateVerifyFailedError: The SSL certificate failed verification.

The solution was to recreate certificate bundle file

I moved the old ca.bundle to /backup

cp /etc/pki/tls/certs/ca-bundle.crt  /root/backup/

To fix the issue, just download a new certificate bundle. I used the one from haxx.se.

 curl http://curl.haxx.se/ca/cacert.pem -o /etc/pki/tls/certs/ca-bundle.crt
The issue got fixed and can run any command on server without any issues

 

Source : http://eric.lubow.org/2011/security/fixing-centos-root-certificate-authority-issues/