SES installation is failing on RHEL 8 due to the repository certificate being too weak.
Configuring Repo (linux-repo.us.securitycloud.symantec.com) .. YUM Repo communication error: /===============================================================================================================================================================================================================================================\ | Updating Subscription Management repositories. | | Symantec Agent for Linux repository 0.0 B/s | 0 B 00:00 | | Errors during downloading metadata for repository 'SDCSS': | | - Curl error (60): Peer certificate cannot be authenticated with given CA certificates for https://linux-repo.us.securitycloud.symantec.com/SAL/1.0/rhel8/x86_64/repodata/repomd.xml [SSL certificate problem: EE certificate key too weak]
After running the following commands to test the linux repo and spoc connection, you see that the box seems to connect with the Symantec backend just fine, but when you try the installation, it fails with the above error.
curl -v https://linux-repo.us.securitycloud.symantec.com
openssl s_client -tls1_2 -showcerts -tlsextdebug -connect us.spoc.securitycloud.symantec.com:443
The encryption mismatch between the TLS certificate bit length and the crypto policies on the box causes a failure to properly connect to Symantec's Linux repository servers.
Release : SES 14.3 RU4
Component : SES installation.
OS: RHEL 8+.
When you consult with Red Hat Linux documentation, you see that changing the crypto policies to FUTURE requires that you use TLS certificates with a bit length greater than 3071.
DEFAULT remains the suitable option for contemporary, day to day business needs because 2048 bit key lengths represent the modern standard. Change your policy settings to DEFAULT and reference RSA and NIST documentation for further information and updates.
NIST and RSA prescribe the use of 2048 key bit lengths.
Please refer to the following document for more: