0
0

Delete article

Deleted articles cannot be recovered.

Draft of this article would be also deleted.

Are you sure you want to delete this article?

More than 1 year has passed since last update.

独自のルートCA証明書を追加とCentOSのEOL対応

Last updated at Posted at 2023-03-09

社内プロキシを指定せずにインターネットに通信しないといけなくて、そのときにクラウドプロキシのルート証明書を追加する流れを記録に残します。

証明書を追加前の流れ

winddowsにセキュリティ証明書をダウンロードしたので、CentOSにsshでコピー。

scp Downloads\ns.crt hoge@hoge:/home/admin

CA証明書追加

/usr/share/pki/ca-trust-source/anchorsに配置

sudo cp /home/admin/ns.crt /usr/share/pki/ca-trust-source/anchors

配置後、実行

sudo update-ca-trust extract

Appsteamエラーの対象方法

CentOSがEOLしたので、リポジトリ参照先を変更した。

sed -i 's/mirrorlist=/#mirrorlist=/g' /etc/yum.repos.d/CentOS-*
sed -i 's|#baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g' /etc/yum.repos.d/CentOS-*

しかし、またもエラーが出たのでCentOS-Linux-AppStream.repoCentOS-Linux-BaseOS.repoの既存の参照先をコメント化して新たなリポジトリ参照先を追加。

[Administrator@localhost yum.repos.d]$ cat CentOS-Linux-AppStream.repo
# CentOS-Linux-AppStream.repo
#
# The mirrorlist system uses the connecting IP address of the client and the
# update status of each mirror to pick current mirrors that are geographically
# close to the client.  You should use this for CentOS updates unless you are
# manually picking other mirrors.
#
# If the mirrorlist does not work for you, you can try the commented out
# baseurl line instead.

[appstream]
name=CentOS Linux $releasever - AppStream
baseurl=http://linuxsoft.cern.ch/centos-vault/8.5.2111/AppStream/$basearch/os/
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=AppStream&infra=$infra
#baseurl=http://mirror.centos.org/$contentdir/$releasever/AppStream/$basearch/os/
gpgcheck=1
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
[Administrator@localhost yum.repos.d]$ cat CentOS-Linux-BaseOS.repo
# CentOS-Linux-BaseOS.repo
#
# The mirrorlist system uses the connecting IP address of the client and the
# update status of each mirror to pick current mirrors that are geographically
# close to the client.  You should use this for CentOS updates unless you are
# manually picking other mirrors.
#
# If the mirrorlist does not work for you, you can try the commented out
# baseurl line instead.

[baseos]
name=CentOS Linux $releasever - BaseOS
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=BaseOS&infra=$infra
#baseurl=http://mirror.centos.org/$contentdir/$releasever/BaseOS/$basearch/os/
#baseurl=http://linuxsoft.cern.ch/centos-vault/8.5.2111/Appstream/$basearch/os/
baseurl=http://vault.centos.org/$contentdir/$releasever/BaseOS/$basearch/os/
gpgcheck=1
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
[Administrator@localhost yum.repos.d]$ cat CentOS-Linux-ContinuousRelease.repo
# CentOS-Linux-ContinuousRelease.repo
#
# The mirrorlist system uses the connecting IP address of the client and the
# update status of each mirror to pick current mirrors that are geographically
# close to the client.  You should use this for CentOS updates unless you are
# manually picking other mirrors.
#
# If the mirrorlist does not work for you, you can try the commented out
# baseurl line instead.
#
# The Continuous Release (CR) repository contains packages for the next minor
# release of CentOS Linux.  This repository only has content in the time period
# between an upstream release and the official CentOS Linux release.  These
# packages have not been fully tested yet and should be considered beta
# quality.  They are made available for people willing to test and provide
# feedback for the next release.

[cr]
name=CentOS Linux $releasever - ContinuousRelease
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=cr&infra=$infra
baseurl=http://mirror.centos.org/$contentdir/$releasever/cr/$basearch/os/
gpgcheck=1
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial

[Errno 14] HTTP Error 404 - Not Foundが出る場合

上記のようにリポジトリ参照先を替えても下記のようなエラー
http://vault.centos.org/centos/7/os/x86_64/repodata/repomd.xml :[Errno 14] HTTP Error 404
が出力される場合、ディレクトリの階層が欠落している可能性がある。

リリースバージョン確認

mkdir -p /etc/yum/vars ; cat /etc/redhat-release

新しいリリースバージョンに上書き

echo 'リリースバージョン' > /etc/yum/vars/releasever
0
0
0

Register as a new user and use Qiita more conveniently

  1. You get articles that match your needs
  2. You can efficiently read back useful information
  3. You can use dark theme
What you can do with signing up
0
0

Delete article

Deleted articles cannot be recovered.

Draft of this article would be also deleted.

Are you sure you want to delete this article?