curl SSL connect error – NSS error -5961

I got this error when I wanted to clone a git repo over HTTPS:

# git clone https://git.my.org/projects/test.git
Initialized empty Git repository in /tmp/test/.git/
error:  while accessing https://git.my.org/projects/test.git/info/refs

If I access the server with curl there’s error too:

# curl -v --insecure https://git.my.org
* About to connect() to git.my.org port 443 (#0)
*   Trying 192.168.4.97... connected
* Connected to git.my.org (192.168.4.97) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* warning: ignoring value of ssl.verifyhost
* NSS error -5961
* Closing connection #0
* SSL connect error
curl: (35) SSL connect error

That was a CentOS 6 box and it had not been updated for quite some time. The curl version:

# curl --version
curl 7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.19.1 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2
Protocols: tftp ftp telnet dict ldap ldaps http file https ftps scp sftp
Features: GSS-Negotiate IDN IPv6 Largefile NTLM SSL libz

I fixed it by updating nss lib and curl:

# yum update -y nss curl libcurl

Note that both nss and curl need to be updated. After the update:

# curl --version
curl 7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.27.1 zlib/1.2.3 libidn/1.18 libssh2/1.4.2
Protocols: tftp ftp telnet dict ldap ldaps http file https ftps scp sftp
Features: GSS-Negotiate IDN IPv6 Largefile NTLM SSL libz

Getting Started with Cobbler

I’m not a full-time system administrator and my knowledge is really limited in this domain, especially when it comes close to hardware. But I need to re-install several servers in a data center without physically accessing them. They’re using CentOS 6 now, and I want clean installs of CentOS 7.

I started looking into Cobbler. To avoid making the physical servers inaccessible through network, I played a while with Cobbler in some VirtualBox VMs in my MacBook and here are some notes.

Continue reading “Getting Started with Cobbler”