# service ntpd onefetch Certificate verification failed for /C=US/ST=Arizona/L=Scottsdale/O=Starfield Technologies, Inc./CN=Starfield Root Certificate Authority - G2 34374371912:error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/s3_clnt.c:1269: fetch: https://www.ietf.org/timezones/data/leap-seconds.list: Authentication error and the included leap-seconds file, /etc/ntp/leap-seconds, is out of date: #@ 3723408000 File expires on: 28 December 2017 The current is: #@ 3754944000 File expires on: 28 December 2018
What certificate do you see for the https://www.ietf.org site? $ openssl s_client -connect www.ietf.org:443 ... -----BEGIN CERTIFICATE----- MIIGVzCCBT+gAwIBAgIJAOjn+hFvt9ZRMA0GCSqGSIb3DQEBCwUAMIHGMQswCQYD VQQGEwJVUzEQMA4GA1UECBMHQXJpem9uYTETMBEGA1UEBxMKU2NvdHRzZGFsZTEl MCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEzMDEGA1UECxMq aHR0cDovL2NlcnRzLnN0YXJmaWVsZHRlY2guY29tL3JlcG9zaXRvcnkvMTQwMgYD VQQDEytTdGFyZmllbGQgU2VjdXJlIENlcnRpZmljYXRlIEF1dGhvcml0eSAtIEcy MB4XDTE4MDYxMjE1NDQxMloXDTE5MDgxMTIzMTI1MFowODEhMB8GA1UECxMYRG9t YWluIENvbnRyb2wgVmFsaWRhdGVkMRMwEQYDVQQDDAoqLmlldGYub3JnMIIBIjAN BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtnjLm1ts1hC4fNNt3UnQD9y73bDX gioTyWYSI3ca/KNfuTydjFTEYAmqnuGrBOUfgbmH3PRQ0AmpqljgWTb3d3K8H4UF vDWQTPSS21IMjm8oqd19nE5GxWirGu0oDRzhWLHe1RZ7ZrohCPg/1Ocsy47QZuK2 laFB0rEmrRWBmEYbDl3/wxf5XfqIqpOynJB02thXrTCcTM7Rz1FqCFt/ZVZB5hKY 2S+CTdE9OIVKlr4WHMfuvUYeOj06GkwLFJHNv2tU+tovI3mYRxUuY4UupkS3MC+O tey7XKm1P+INjWWoegm6iCAt3VuspVz+6pU2xgl3nrAVMQHB4fReQPH0pQIDAQAB o4IC0zCCAs8wDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYB BQUHAwIwDgYDVR0PAQH/BAQDAgWgMD0GA1UdHwQ2MDQwMqAwoC6GLGh0dHA6Ly9j cmwuc3RhcmZpZWxkdGVjaC5jb20vc2ZpZzJzMS0xMDguY3JsMGMGA1UdIARcMFow TgYLYIZIAYb9bgEHFwEwPzA9BggrBgEFBQcCARYxaHR0cDovL2NlcnRpZmljYXRl cy5zdGFyZmllbGR0ZWNoLmNvbS9yZXBvc2l0b3J5LzAIBgZngQwBAgEwgYIGCCsG AQUFBwEBBHYwdDAqBggrBgEFBQcwAYYeaHR0cDovL29jc3Auc3RhcmZpZWxkdGVj aC5jb20vMEYGCCsGAQUFBzAChjpodHRwOi8vY2VydGlmaWNhdGVzLnN0YXJmaWVs ZHRlY2guY29tL3JlcG9zaXRvcnkvc2ZpZzIuY3J0MB8GA1UdIwQYMBaAFCVFgWhQ Jjg9Oy0svs1q2bY9s2ZjMB8GA1UdEQQYMBaCCiouaWV0Zi5vcmeCCGlldGYub3Jn MB0GA1UdDgQWBBQG/gur2OZ0bvzEcwKF96lIftE0TzCCAQQGCisGAQQB1nkCBAIE gfUEgfIA8AB2AKS5CZC0GFgUh7sTosxncAo8NZgE+RvfuON3zQ7IDdwQAAABY/Ss DTMAAAQDAEcwRQIhAL+3euwvcq+Fcvo679LRwxXFwBPzbs21PsdvxxAIyQo0AiAU 9j4Al/zhZzkfmkCE+0bEpGIXtHePDZK3MfC0S4OqagB2AHR+2oMxrTMQkSGcziVP QnDCv/1eQiAIxjc1eeYQe8xWAAABY/SsFKQAAAQDAEcwRQIhAO+lvyyEV5rlkU0H JGx4FBJMQ4F2PghUmyzl4TjFb6/RAiBeNhkOVWtKXvhgHildFUrqJMstdeqiSs6x k8KaX4b6EjANBgkqhkiG9w0BAQsFAAOCAQEApAA3D/w2RPkyGaKdhjAjXS9S0TSS d3jJPwsLZF3wbvPFED6XdDZpD2kUznF6OT2VXBBBd4vFlg8E7h61Qs717aO668/g LSCxZUbfMrddEIi0QGT/BJB9tR6FkSIxp/Gf6qolzufrq5j6IQ2RN4nXlFVo7HFM di+8tYNFztDSlkmaL0x4Q7gchDhNzubcUq6gGGUMEEuHIL0BoFrxgXnb0CfH/VP1 nO0jJ65wnGobWIo7b1Y9lpsG+INMvChTe4Uz/6lLdGA3AqAMgn/Hg0GpuGoN12PD iyIyHJ4FylXvxr+PVsqpQnEwFsFdVgS0uzdWMAq/QECglhFBwAA4A+I4ig== -----END CERTIFICATE----- ... --- SSL handshake has read 4782 bytes and written 219 bytes Verification: OK
Do you have the ca_root_nss package installed?
(In reply to Conrad Meyer from comment #2) Same certificate as you, depth=2 C = US, ST = Arizona, L = Scottsdale, O = "Starfield Technologies, Inc.", CN = Starfield Root Certificate Authority - G2 verify error:num=20:unable to get local issuer certificate ca_root_nss package is not installed.
(In reply to Jason Mader from comment #3) > ca_root_nss package is not installed. Well, there's the problem.
(In reply to Conrad Meyer from comment #4) Except this function is from base. It should work without a package. Also, base has an out of date leap-seconds file at the time of release.
(In reply to Jason Mader from comment #5) Ah, I'm with you there. ca_root_nss should be in base. (Probably duplicate of bug 213448 (or vice versa).)
*** This bug has been marked as a duplicate of bug 213448 ***