zypper commands return "SSL certificate problem: unable to get local issuer certificate" on a SLES 12 SUSE Manager Client

This document (7017147) is provided subject to the disclaimer at the end of this document.

Environment

SUSE Linux Enterprise Server 12 (SLES 12)
SUSE Linux Enterprise Server 12 Service Pack 1 (SLES 12 SP1)

Situation

After bootstrapping a SLES 12 Server to a SUSE Manager server zypper commands (ie zypper ref, zypper lu, etc.) return "SSL certificate problem: unable to get local issuer certificate".

Resolution

The issue is caused by a missing symbolic link on the SLES 12 client. Manually adding the necessary symbolic link should resolve the problem. That can be accomplished by doing the following on the SLES 12 client as root:

1. cd /etc/pki/trust/anchors
2. ls -l

It should look something like this:

total 4
lrwxrwxrwx 1 root root 39 Oct 8 05:19 RHN-ORG-TRUSTED-SSL-CERT.pem -> /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT

If the symbolic link is missing (ie RHN-ORG-TRUSTED-SSL-CERT.pem -> /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT) it can manually be added with:

1. ln -s /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT /etc/pki/trust/anchors/RHN-ORG-TRUSTED-SSL-CERT.pem
2. then run /usr/sbin/update-ca-certificates

zypper commands should once again be working.

Cause

Additional Information

Disclaimer

This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.