Red Hat Yum proxy support in Nexus?

Hi. I have created a CentOS yum repo proxy and it is working fine. But when I created one for a Red Hat yum proxy, it doesn’t work. We actually have a valid Red Hat subscription. Is it because Red Hat does not allow third parties to connect to their server, or does Nexus not support this?

Thank you

From client error message:

[root@uat ~]# yum install nc
Loaded plugins: product-id, search-disabled-repos, subscription-manager
This system is not registered with an entitlement server. You can use subscription-manager to register. [Errno 14] HTTP Error 404 - Not Found
Trying other mirror.
To address this issue please refer to the below knowledge base article

[Errno 14] yum fails with HTTP/HTTPS Error 404 - Red Hat Customer Portal

Does $releasever/$basearch/scaleablefilesystem/os/repodata/repomd.xml exist? Access to repomd is required and it’s complaining it can’t find it.
I don’t recall any other reports of Red Hat not working.

Hi Joe

I’m not so sure myself, because I copied the baseurl from the Red Hat access page.
Also, I checked again in my /etc/yum.repos.d/redhat.repo; the enabled repo is $releasever/$basearch/os/

and I tried curl against that link, but it returned permission denied.

Do you maybe have a baseurl that actually works? Can you share it if possible?
Thank you

You’d need to expand the variables $releasever and $basearch appropriately for this to work. But I think you’re going to run into another problem. Client side SSL certificates aren’t working in Repo 3, and I believe that will be needed to get access to that repository. We’ve bumped up the priority of this issue in our backlog:

I expanded the variable as you suggested.

So far I am not getting the ‘handshake-failure’ issue, but HTTP/1.1 403 Forbidden instead.

2019-09-24 19:43:02,072+0800 DEBUG [qtp40223173-152] admin - < HTTP/1.1 403 Forbidden @ 180.3 ms

I am also trying to create a Red Hat yum proxy and have the same problem, where I get an HTTP 403 returned. I am assuming this is because cdn.redhat requires authentication - in particular I think it expects you to pass it sslclientcert, sslclientkey, sslcacert (see How to authenticate to - Red Hat Customer Portal). sslclientkey and sslclientcert are found in /etc/pki/entitlement on your Red Hat system and I believe are generated as part of your RHN subscription.

Presumably, Nexus does not pass these details forward (I have defined these fields in my local nexus.repo file but see no evidence of them being provided to the cdn endpoint).

I’d be interested to know if I’m approaching this the wrong way, or if there is an alternative method that allows you to sync Red Hat repositories with Nexus. I have searched through a lot of articles but haven’t found much to suggest this is possible.


Steve, I am trying to build the same exact type of repo in Nexus to Apparently we have to take the entitlement certs from Red Hat, and somehow get a CA cert from Red Hat, and then use a command like this:
openssl pkcs12 -export -in content-rhel7.crt -inkey content-rhel7.key -out rhel.p12 -name clientKeystore -CAfile -caname

Then we have to import that p12 file into the Java keystore:
keytool -importkeystore -deststorepass changeit -destkeypass changeit -destkeystore keystore.jks -srckeystore rhel.p12 -srcstoretype PKCS12 -srcstorepass password -alias clientKeystore

Then you update the nexus.vmoptions file with:

Then restart nexus service.
Then configure a yum proxy repo for RHEL in the Nexus GUI. Use a URL such as:

I have not gotten this to work yet. I’m still trying to get my certs from Red Hat. Specifically the CA file, since my Red Hat boxes have never reached the internet; I’ve only manually registered them into the Red Hat portal. Red Hat of course points me to Sonatype support. I’m still working with Sonatype to find a solution. I’ll let you know how it goes.

1 Like
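
An added example, not part of the thread and not Nexus or Red Hat tooling: before running the PKCS#12 export described in the post above, it helps to confirm that the entitlement certificate and key from /etc/pki/entitlement actually belong together and that the certificate has not expired. The function names are hypothetical, and the CA options from the post are left out because their values are not given in the thread.

```shell
#!/bin/sh
# Added example: pre-flight check for a Red Hat entitlement cert/key pair
# before it is packaged for a Java keystore. Function names are hypothetical.

# Return 0 only if the key belongs to the certificate and the certificate
# has not expired. 2 = unreadable input, 3 = mismatch, 4 = expired.
check_entitlement_pair() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || {
        echo "cannot read certificate: $1" >&2; return 2; }
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || {
        echo "cannot read private key: $2" >&2; return 2; }
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "certificate and key do not match" >&2; return 3
    fi
    # -checkend 0 exits non-zero when the certificate is already expired.
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null || {
        echo "certificate has expired" >&2; return 4; }
}

# Package a verified pair as PKCS#12 under the alias used in the thread,
# then read the bundle back to show which certificate it holds.
# Usage: build_client_p12 CERT KEY OUT.p12 PASSWORD
build_client_p12() {
    check_entitlement_pair "$1" "$2" || return
    (
        umask 077                      # the bundle contains the private key
        # Pass the password via the environment, not the argument list.
        P12_PASS=$4 openssl pkcs12 -export -in "$1" -inkey "$2" \
            -name clientKeystore -out "$3" -passout env:P12_PASS
    ) || return 5
    P12_PASS=$4 openssl pkcs12 -in "$3" -nokeys -passin env:P12_PASS \
        2>/dev/null | openssl x509 -noout -subject -enddate
}

# Run directly: sh check_p12.sh content-rhel7.crt content-rhel7.key rhel.p12 PASSWORD
if [ "$#" -eq 4 ]; then
    build_client_p12 "$@"
fi
```

A mismatch or an expired certificate caught here would otherwise only surface later as a TLS handshake failure or a 403 from the upstream.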

Thanks for the info Greg. Be interesting to see how you get on :)