Symantec Endpoint Security Installation Fails with an Error Related to Encryption Weakness



Article ID: 242066


Updated On:

Products

Endpoint Security Complete

Issue/Introduction

SES installation fails on RHEL 8 because the repository certificate's key is rejected as too weak.

Configuring Repo (linux-repo.us.securitycloud.symantec.com) ..
YUM Repo communication error:
/===============================================================================================================================================================================================================================================\
| Updating Subscription Management repositories. |
| Symantec Agent for Linux repository 0.0 B/s | 0 B 00:00 |
| Errors during downloading metadata for repository 'SDCSS': |
| - Curl error (60): Peer certificate cannot be authenticated with given CA certificates for https://linux-repo.us.securitycloud.symantec.com/SAL/1.0/rhel8/x86_64/repodata/repomd.xml [SSL certificate problem: EE certificate key too weak]

When you run the following commands to test the Linux repository and SPOC connections, the host appears to connect to the Symantec backend without problems, but the installation still fails with the above error.

curl -v https://linux-repo.us.securitycloud.symantec.com

openssl s_client -tls1_2 -showcerts -tlsextdebug -connect us.spoc.securitycloud.symantec.com:443

Environment

Release : SES 14.3 RU4

Component : SES installation.

OS: RHEL 8+.

Cause

The key length of the repository's TLS certificate does not meet the minimum required by the crypto policy configured on the host, so the connection to Symantec's Linux repository servers fails.

Resolution

Red Hat's documentation shows that setting the system-wide crypto policy to FUTURE requires TLS certificates with a key length greater than 3071 bits.

https://access.redhat.com/articles/3642912

DEFAULT remains the suitable option for contemporary, day-to-day business needs because 2048-bit key lengths represent the modern standard. Change your policy settings to DEFAULT and reference RSA and NIST documentation for further information and updates.
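
The following script is an added example, not part of the original article or Symantec's tooling: it compares a server certificate's RSA key size with the minimum required by the active crypto policy, which is the check that produces "EE certificate key too weak". The function names and the sample certificate text are constructed for illustration, and only the DEFAULT and FUTURE levels discussed above are covered.

```shell
#!/bin/sh
# Added example: does a server's RSA certificate key satisfy the active
# RHEL 8 system-wide crypto policy? Covers RSA keys only.

# Minimum RSA key size for the two policy levels the article discusses.
policy_min_rsa_bits() {
    case "${1%%:*}" in         # drop subpolicy suffixes, e.g. DEFAULT:NO-SHA1
        DEFAULT) echo 2048 ;;
        FUTURE)  echo 3072 ;;  # "greater than 3071"
        *)       return 1 ;;   # other levels are outside this example
    esac
}

# Read `openssl x509 -noout -text` output on stdin; print the key size in bits.
# Matches both "RSA Public-Key: (N bit)" and "Public-Key: (N bit)".
cert_key_bits() {
    sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1
}

# verdict BITS POLICY -> ok | too-weak | unknown-policy
verdict() {
    v_min=$(policy_min_rsa_bits "$2") || { echo unknown-policy; return 0; }
    if [ "$1" -ge "$v_min" ]; then echo ok; else echo too-weak; fi
}

# Constructed sample of the relevant `openssl x509 -text` lines (not real output).
SAMPLE_CERT_TEXT='        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)'

# Live check: fetch HOST's leaf certificate and judge it against the active policy.
check_host() {
    c_policy=$(update-crypto-policies --show)
    c_bits=$(openssl s_client -connect "$1:443" -servername "$1" </dev/null 2>/dev/null |
             openssl x509 -noout -text | cert_key_bits)
    echo "$1: ${c_bits:-?}-bit key, policy $c_policy: $(verdict "${c_bits:-0}" "$c_policy")"
}

# Run the live check only when a host name is given on the command line.
if [ "$#" -gt 0 ]; then check_host "$1"; fi
```

If the result is too-weak under FUTURE, running update-crypto-policies --set DEFAULT as root applies the policy change described above; running services pick it up after a restart.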

Additional Information

NIST and RSA prescribe the use of 2048-bit key lengths.

Please refer to the following document for more:

https://nvlpubs.nist.gov/nistpubs/specialpublications/nist.sp.800-57pt3r1.pdf