
RHEL 9 VM Exported from Internal Network Cannot Verify SSL Certificates for Updates

0 votes
0 answers
164 views
## RHEL 9 VM Exported from Internal Network Cannot Verify SSL Certificates for Updates

I'm running into a major issue with a Red Hat Enterprise Linux 9 VM that was originally exported from my company's internal infrastructure. I'm now using this VM on a standard public internet connection, and I'm unable to perform basic operations like `dnf update` due to SSL certificate verification errors.

---

### **Problem**

Running `dnf update` results in the following:
```
Updating Subscription Management repositories.
This system is registered with an entitlement server, but is not receiving updates.

Red Hat Enterprise Linux 9 for x86_64 - BaseOS (RPMs)
Errors during downloading metadata for repository 'rhel-9-for-x86_64-baseos-rpms':
  - Curl error (77): Problem with the SSL CA cert (path? access rights?) for https://cdn.redhat.com/content/dist/rhel9/9/x86_64/baseos/os/repodata/repomd.xml
    [error setting certificate file: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem]
Error: Failed to download metadata for repo 'rhel-9-for-x86_64-baseos-rpms':
  Cannot download repomd.xml: Curl error (77): Problem with the SSL CA cert (path? access rights?)
```

Trying to run `subscription-manager identity` shows:

```
Unable to verify server's identity: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get issuer certificate (_ssl.c:1147)
```
---

### **What I’ve Tried**

1. **Checked System Time**
   - Verified with `date` and `timedatectl`. Time *seems* off, which may be contributing to the SSL issue.
   - Tried enabling NTP with:

     ```
     systemctl enable chronyd --now
     ```

     But it fails, saying:

     ```
     Failed to enable unit: Unit file chronyd.service does not exist.
     ```

   - I cannot install `chrony` because `dnf` is broken due to the SSL certificate issue.

2. **Checked CA Certificate Files**
   - Ran:

     ```
     find /etc/pki -type f \( -name "*.crt" -o -name "*.cert" \)
     ```

     **No certificate files were found.**

3. **Compared to Fresh RHEL 9 Install**
   - A clean RHEL 9 VM (registered with the same Red Hat account) works fine and has many cert files in `/etc/pki/ca-trust/`.

4. **Reinstall CA Certificates**
   - Ran:

     ```
     sudo dnf reinstall ca-certificates
     sudo update-ca-trust extract
     ```

     But no certs appeared, and the issue remains.

5. **Checked Proxy Config**
   - No proxies in `/etc/environment`, `/etc/profile`, shell dotfiles, or `subscription-manager`:

     ```
     subscription-manager config --remove=server.proxy_hostname
     subscription-manager config --remove=server.proxy_port
     ```

---

### **Context**

This VM was managed internally and likely used internal CAs or custom proxy settings. Now that it’s on a public network, it appears unable to verify standard SSL certificates, and it’s missing all cert files in `/etc/pki`.

---

### **Question**

What could explain the complete absence of certificate files in `/etc/pki`, and how can I restore them without access to `dnf` or a working package manager?

Is there a manual way to recover basic system certificates or sync time so that SSL works again? Or is this VM likely too locked into internal infrastructure to be recovered for public use?

Any help would be greatly appreciated! (I really need to fix this issue; they blame me.)
Asked by Xoryy (1 rep)
Apr 18, 2025, 07:15 PM
Last activity: Apr 19, 2025, 08:29 AM
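
An added diagnostic sketch, not part of the original post and not an answer from the thread: the curl error above names `/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem`, a `.pem` file that the `find` patterns in step 2 (`*.crt`, `*.cert`) would not match, so this checks that bundle path directly and classifies its state. `check_ca_bundle` is a hypothetical helper name, and the script only reads the file it is pointed at.

```sh
#!/bin/sh
# Added example: classify the state of a CA bundle file such as the one
# curl error 77 reports it could not set. check_ca_bundle is a hypothetical
# helper name, not a RHEL tool.
#
# Prints one status word and returns:
#   0 ok:<n>           readable file holding <n> PEM certificates
#   1 missing          path does not exist
#   2 dangling-symlink symlink whose target is gone
#   3 unreadable       exists but the current user cannot read it
#   4 empty            zero-length file
#   5 no-pem-certs     has content but no PEM certificate blocks
check_ca_bundle() {
    bundle=$1
    if [ -L "$bundle" ] && [ ! -e "$bundle" ]; then
        echo "dangling-symlink"; return 2
    fi
    if [ ! -e "$bundle" ]; then
        echo "missing"; return 1
    fi
    if [ ! -r "$bundle" ]; then
        echo "unreadable"; return 3
    fi
    if [ ! -s "$bundle" ]; then
        echo "empty"; return 4
    fi
    # grep -c prints 0 and exits non-zero when nothing matches; keep the count.
    count=$(grep -c -- '-----BEGIN CERTIFICATE-----' "$bundle" || true)
    if [ "$count" -eq 0 ]; then
        echo "no-pem-certs"; return 5
    fi
    echo "ok:$count"
    return 0
}

# Default to the path quoted in the dnf/curl error output on this page;
# pass another path as the first argument to check a different bundle.
BUNDLE=${1:-/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem}
status=$(check_ca_bundle "$BUNDLE") || true
printf '%s: %s\n' "$BUNDLE" "$status"
# Print the clock in UTC next to the result, since a wrong system time also
# makes certificate verification fail even when the bundle is intact.
printf 'system clock (UTC): %s\n' "$(date -u '+%Y-%m-%d %H:%M:%S')"
```

Any status other than `ok:<n>` means the TLS client has no usable trust anchors at that path.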