So it turns out that the Rhel6 image is missing libnsspem.so (a library used by curl to initialize nss as the ssl-engine) which breaks the ssl-validation in anaconda. This is normally not a problem, however if you for some reason have password-protected repository’s and don’t feel like sending your password in clear text over the network for every client/server you kickstart-install, this is going to be a problem.

Luckily there is an easy fix for it – include the necessary library in the Rhel 6 install.img-file.

1
2
3
4
5

sudo mkdir /foo /bar
sudo mount -o loop path-to-rhel6-install.img /foo
sudo cp -r /foo /bar
sudo cp /usr/lib[arch]/libnsspem.so /bar/usr/lib[arch]
sudo mksquashfs /bar install.img

Just replace the original install.img-file from the dvd-source with the one you just created and should be alright. The above steps would be made from an already installed Rhel 6 or atleast on a client with a libnsspem.so-file that is compatible with the version of nss Rhel 6 is running.

You could probably copy the library over in the %pre section of the kickstart-file, but then you would have to figure out a way to either,

1) remount /usr/lib[arch] to writable (for placing the libnsspem.so in there), or
2) you would have to add the directory where you placed libnsspem.so to the LD_LIBRARY_PATH and then make anaconda use that.

Note,
This is beeing fixed for Rhel 6.1, see bugreport at Red Hat’s bugzilla.