Message boards :
Questions and problems :
BOINC and SSL intercepting IDS
Message board moderation
Author | Message |
---|---|
Send message Joined: 2 Feb 18 Posts: 3 |
Dear all, I'm running an IDS/IPS which intercepts SSL comminucations. So far can't join any project, always getting something like: 2/2/2018 11:54:45 AM | | Fetching configuration file from http://einstein.phys.uwm.edu/get_project_config.php 2/2/2018 11:54:53 AM | | Project communication failed: attempting access to reference site 2/2/2018 11:54:55 AM | | BOINC can't access Internet - check network connection or proxy configuration. BOINC manager 7.8.2 under Windows 10 Is there a way to configure BOINC to ignore SSL certificate errors or to add the CA certificate? Regards, Andreas |
Send message Joined: 5 Oct 06 Posts: 5081 |
BOINC's SSL certificates are stored in a file called ca-bundle.crt, which you can find in the BOINC program directory. We are about to start using a new version of this file, which you can find in https://github.com/BOINC/boinc/tree/master/curl - it would be helpful if you could download this new file and see if it resolves your problem. If not, you should be able to add your own certificate using a plain-txt editor - despite the name, the file and the certificates within it are stored in simple ASCII format. |
Send message Joined: 2 Feb 18 Posts: 3 |
Hi Richard, thanks a lot for your help. I added the certificate of my CA and now everything works as expected. Regards, Andreas |
Send message Joined: 5 Oct 06 Posts: 5081 |
Did you try the new version of the file? Is the CA you added a purely private one, or one we should add to the generic bundle for other people with the same problem? |
Send message Joined: 2 Feb 18 Posts: 3 |
It is a purely private CA. My firewall/IDS intercepts all SSL connections and creates certificates on the fly. These are signed by the CA I needed to add. |
Copyright © 2024 University of California.
Permission is granted to copy, distribute and/or modify this document
under the terms of the GNU Free Documentation License,
Version 1.2 or any later version published by the Free Software Foundation.