今天裝好了一台 Cloud Linux 8，

本想在裡面跑 yum 裝一下 net-tools，結果遇到 SSL certificate 問題：

# yum install net-tools

AlmaLinux 8.7 - AppStream                                                                                      0.0  B/s |   0  B     00:08
Errors during downloading metadata for repository 'appstream':
  - Curl error (60): Peer certificate cannot be authenticated with given CA certificates for https://mirrors.almalinux.org/mirrorlist/8.7/appstream [SSL certificate problem: unable to get local issuer certificate]
Error: Failed to download metadata for repo 'appstream': Cannot prepare internal mirrorlist: Curl error (60): Peer certificate cannot be authenticated with given CA certificates for https://mirrors.almalinux.org/mirrorlist/8.7/appstream [SSL certificate problem: unable to get local issuer certificate]

用 openssl 指令連的時候，看到它中間出現了另一個憑證，

應該是公司有在網路裡放了一台 MITM 設備造成的：

# openssl s_client -connect mirrors.almalinux.org:443

CONNECTED(00000003)
depth=1 C = TW, ST = Taiwan, L = Taipei, O = MITM Inc., OU = Infosec
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 CN = *.almalinux.org
verify return:1
---
Certificate chain
 0 s:CN = *.almalinux.org
   i:C = TW, ST = Taiwan, L = Taipei, O = MITM Inc., OU = Infosec
 1 s:C = TW, ST = Taiwan, L = Taipei, O = MITM Inc., OU = Infosec
   i:DC = org, DC = us, CN = MITMCA
---

我移不走 MITM 設備，要怎麼讓 yum 成功呢？

一種方法可能是把 MITM 的 Root CA 加入信任清單，

另一種我採用的方法是修改 /etc/yum.conf，將  

[main]
sslverify=False

改好之後，再執行 yum 就可以成功安裝套件了：

# yum install net-tools

......
Downloading Packages:
net-tools-2.0-0.52.20160912git.el8.x86_64.rpm   198 kB/s | 321 kB     00:01
......