Yum y la curl#60 - "Peer's certificate issuer has been marked as not trusted by the user."

Postgresista

Equipo:

Buenas tardes,

Vengo hoy a pedirles auxilio con una instalacion via yum de postgres 10, algo que hago a casi a diario y hasta de memoria les diria ;P

Creo el repo, apunto las url, tiro el yum install...  y me sale un error curl 60. Y no se para donde encarar.

¿Alguien me podria dar una mano a ver que puedo hacer?

Es un Centos 7.2, el postrgres es un 10 (nuevito)

Algunas pruebas:

# yum repolist
Loaded plugins: fastestmirror
base | 3.6 kB  00:00:00
extras | 3.4 kB  00:00:00
https://apt.postgresql.org/pub/repos/yum/10/redhat/rhel-7.2-x86_64/repodata/repomd.xml: [Errno 14] curl#60 - "Peer's certificate issuer has been marked as not trusted by the user."
Trying other mirror.
It was impossible to connect to the CentOS servers.
This could mean a connectivity issue in your environment, such as the requirement to configure a proxy,
or a transparent proxy that tampers with TLS security, or an incorrect system clock.
Please collect information about the specific failure that occurs in your environment,
using the instructions in: https://access.redhat.com/solutions/1527033 and create a bug on https://bugs.centos.org/

updates | 3.4 kB  00:00:00

Loading mirror speeds from cached hostfile
 * base: centos.brnet.net.br
 * extras: centos.brnet.net.br
 * updates: centos.brnet.net.br
pgdg10/primary_db              FAILED
https://apt.postgresql.org/pub/repos/yum/10/redhat/rhel-7.2-x86_64/repodata/66561b5f7f635c8c44ce3a66551b8c58b47d65ec53e472714260282d1713aa34-primary.sqlite.bz2: [Errno 14] curl#60 - "Peer's certificate issuer has been marked as not trusted by the user."
Trying other mirror.
https://apt.postgresql.org/pub/repos/yum/10/redhat/rhel-7.2-x86_64/repodata/66561b5f7f635c8c44ce3a66551b8c58b47d65ec53e472714260282d1713aa34-primary.sqlite.bz2: [Errno 14] curl#60 - "Peer's certificate issuer has been marked as not trusted by the user."
Trying other mirror.

pgdg10/primary_db              FAILED
https://apt.postgresql.org/pub/repos/yum/10/redhat/rhel-7.2-x86_64/repodata/66561b5f7f635c8c44ce3a66551b8c58b47d65ec53e472714260282d1713aa34-primary.sqlite.bz2: [Errno 14] curl#60 - "Peer's certificate issuer has been marked as not trusted by the user."
Trying other mirror.
https://apt.postgresql.org/pub/repos/yum/10/redhat/rhel-7.2-x86_64/repodata/66561b5f7f635c8c44ce3a66551b8c58b47d65ec53e472714260282d1713aa34-primary.sqlite.bz2: [Errno 14] curl#60 - "Peer's certificate issuer has been marked as not trusted by the user."
Trying other mirror.
repo id         repo name          status
base/7/x86_64                      9,591
extras/7/x86_64 CentOS-7 - Extras  227
pgdg10          0
updates/7/x86_64CentOS-7 - Updates 740
repolist: 10,558

# curl -v --X https://apt.postgresql.org/pub/repos/yum/10/redhat/rhel-7.2-x86_64/repodata/repomd.xml
* About to connect() to apt.postgresql.org port 443 (#0)
*   Trying 174.143.35.246...
* Connected to apt.postgresql.org (174.143.35.246) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* Server certificate:
*       subject: CN=ftp.postgresql.org
*       start date: Aug 28 09:34:00 2017 GMT
*       expire date: Nov 26 09:34:00 2017 GMT
*       common name: ftp.postgresql.org
*       issuer: [email protected],CN=FortiGate CA,OU=Certificate Authority,O=Fortinet,L=Sunnyvale,ST=California,C=US
* NSS error -8172 (SEC_ERROR_UNTRUSTED_ISSUER)
* Peer's certificate issuer has been marked as not trusted by the user.
* Closing connection 0
curl: (60) Peer's certificate issuer has been marked as not trusted by the user.
More details here: http://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). If the default
 bundle file isn't adequate, you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.