NIMHTTP with HTTPS

Under Construction

Working with AIX > Advanced Administration > RPM and YUM > YUM with NIMHTTP

If the nimhttp service handler was started on the NIM server with the “-c” option, it supports HTTPS instead of HTTP. On the AIX systems that access the repositories using nimhttp, https must be specified instead of http in the baseurl of the repositories:

aix03 # cat /opt/freeware/etc/yum/yum.conf
[main]
cachedir=/var/cache/yum
keepcache=1
debuglevel=2
logfile=/var/log/yum.log
exactarch=1
obsoletes=1
plugins=1

[AIX_Toolbox]
name=AIX generic repository
baseurl=https://aixnim:4901/aixtoolbox/RPMS/ppc/
enabled=1
gpgcheck=0

[AIX_Toolbox_noarch]
name=AIX noarch repository
baseurl=https://aixnim:4901/aixtoolbox/RPMS/noarch/
enabled=1
gpgcheck=0

[AIX_Toolbox_71]
name=AIX 7.1 specific repository
baseurl=https://aixnim:4901/aixtoolbox/RPMS/ppc-7.1/
enabled=1
gpgcheck=0

aix03 #

Most administrators use a self-signed certificate on a NIM server. When using https for the YUM repositories, however, these are not accepted by default:

aix03 # yum repolist
https://aixnim:4901/aixtoolbox/RPMS/ppc/repodata/repomd.xml: [Errno 14] curl#60 - "SSL certificate problem: self signed certificate in certificate chain"
Trying other mirror.
repo id                                     repo name                                             status
AIX_Toolbox                                 AIX generic repository                                0
AIX_Toolbox_71                              AIX 7.1 specific repository                           0
AIX_Toolbox_noarch                          AIX noarch repository                                 0
repolist: 0
aix03 #

The verification of certificates can be switched off by setting the attribute sslverify to “false” (or “0“). This can either be done individually for individual repositories or in the main section of /opt/freeware/etc/yum/yum.conf for all repositories. In the following example sslverify was set to “false” globally:

aix03 # cat /opt/freeware/etc/yum/yum.conf
[main]
…
sslverify=false
…

aix03 #

YUM can then access the repositories without any problems:

aix03 # yum repolist
AIX_Toolbox                                                                      | 2.9 kB  00:00:00    
AIX_Toolbox/primary_db                                                           | 1.8 MB  00:00:00    
AIX_Toolbox_71                                                                   | 2.9 kB  00:00:00    
AIX_Toolbox_71/primary_db                                                        | 236 kB  00:00:00    
AIX_Toolbox_noarch                                                               | 2.9 kB  00:00:00    
AIX_Toolbox_noarch/primary_db                                                    | 105 kB  00:00:00    
repo id                                     repo name                                             status
AIX_Toolbox                                 AIX generic repository                                2740
AIX_Toolbox_71                              AIX 7.1 specific repository                            295
AIX_Toolbox_noarch                          AIX noarch repository                                  301
repolist: 3336
aix03 #