Peer certificate cannot be authenticated with given CA certificates

Message boards : Questions and problems : Peer certificate cannot be authenticated with given CA certificates
Message board moderation

To post messages, you must log in.

Previous · 1 · 2 · 3 · 4 · 5 · 6 · 7 · Next

AuthorMessage
Peter Hucker
Avatar

Send message
Joined: 6 Oct 06
Posts: 734
United Kingdom
Message 99051 - Posted: 3 Jun 2020, 12:25:14 UTC - in response to Message 99048.  

Notices are not for user attention, or things the user needs to change or adjust. They're for news and other non-intrusive messages. No action needed things.


But we could have taken action, by adjusting our certificates file to do their job for them.
.
ID: 99051 · Report as offensive
Peter Hucker
Avatar

Send message
Joined: 6 Oct 06
Posts: 734
United Kingdom
Message 99052 - Posted: 3 Jun 2020, 12:26:23 UTC - in response to Message 99049.  

No connections to projects because of this issue.
Well, seems BOINC doesn't need my computing power anymore, ok.

EDIT: BTW, why nothing in BOINC notices about this issue?
They so verbose with different junk, but when REALLY user attention required they are silent! WTF!


Are you still having problems with this on any projects ?

LHC has updated the server https://lhcathome.cern.ch/lhcathome/forum_thread.php?id=5441&postid=42767#42767
Rosetta has also fixed the issue https://boinc.bakerlab.org/rosetta/forum_thread.php?id=14006
I'm only aware of one other affected project. https://numberfields.asu.edu/NumberFields/forum_thread.php?id=460

Are there still any projects that are having problems ?


The Windows Boinc version update (and the temporary fix) sorted LHC and Rosetta here. LHC's own fix sorted my Androids (the Android update didn't help).
.
ID: 99052 · Report as offensive
Profile Dave

Send message
Joined: 28 Jun 10
Posts: 1054
United Kingdom
Message 99053 - Posted: 3 Jun 2020, 13:37:32 UTC

And yet didn't sort it before that date. Utter incompetance. Somebody should have written the expiry date on a calendar for goodness sake. If Boinc was a private company, somebody would now be fired.


Did I hear you volunteering to contribute? Thought not.

When a program is written and maintained by volunteers, accusations of incompetence etc are unlikely to produce any change.
ID: 99053 · Report as offensive
Peter Hucker
Avatar

Send message
Joined: 6 Oct 06
Posts: 734
United Kingdom
Message 99054 - Posted: 3 Jun 2020, 13:44:06 UTC - in response to Message 99053.  

And yet didn't sort it before that date. Utter incompetance. Somebody should have written the expiry date on a calendar for goodness sake. If Boinc was a private company, somebody would now be fired.


Did I hear you volunteering to contribute? Thought not.

When a program is written and maintained by volunteers, accusations of incompetence etc are unlikely to produce any change.


I'm not a programmer. I do my job and expect everyone else to do theirs. So, what was the reason for forgetting this important date? It's not rocket science to mark a date on a calendar.

And I don't expect change, I expect it to be held together on a shoe string forever more. But if they want the system to work, they need to pull their fingers out.
.
ID: 99054 · Report as offensive
Terror Australis

Send message
Joined: 3 Jun 20
Posts: 3
Australia
Message 99056 - Posted: 3 Jun 2020, 14:23:33 UTC - in response to Message 99052.  

I'm still having problems with Einstein@home. Both with Linux and Windows machines...
I've read most of the thread, but where are the ca-certificate files hidden ? Before I can update them I need to find them....

T.A..
ID: 99056 · Report as offensive
Peter Hucker
Avatar

Send message
Joined: 6 Oct 06
Posts: 734
United Kingdom
Message 99057 - Posted: 3 Jun 2020, 14:32:50 UTC - in response to Message 99056.  

I'm still having problems with Einstein@home. Both with Linux and Windows machines...
I've read most of the thread, but where are the ca-certificate files hidden ? Before I can update them I need to find them....

T.A..


On Windows, it's C:\Program Files\BOINC\ca-bundle.crt

I don't know about Linux as I've not used it (yet)
.
ID: 99057 · Report as offensive
Terror Australis

Send message
Joined: 3 Jun 20
Posts: 3
Australia
Message 99059 - Posted: 3 Jun 2020, 15:29:16 UTC - in response to Message 99056.  

Problem solved !!!
Thanks to Toby Broom and his replacement file, and a facepalm for not realising where the the thing was hidden in the first place..... :(
Regards
T.A.
ID: 99059 · Report as offensive
Terror Australis

Send message
Joined: 3 Jun 20
Posts: 3
Australia
Message 99060 - Posted: 3 Jun 2020, 15:31:19 UTC - in response to Message 99057.  

In Linux it was in my /home/*user*/BOINC directory.....

T.A.
ID: 99060 · Report as offensive
Bernie Vine
Volunteer moderator
Avatar

Send message
Joined: 10 Dec 12
Posts: 309
Message 99065 - Posted: 3 Jun 2020, 17:07:39 UTC

ID: 99065 · Report as offensive
Raistmer

Send message
Joined: 9 Apr 06
Posts: 242
Message 99101 - Posted: 5 Jun 2020, 10:09:03 UTC - in response to Message 99049.  


Are you still having problems with this on any projects ?

Are there still any projects that are having problems ?


Yes, still can't upload/download from/to Rosetta

https://clip2net.com/s/47RTSv7
ID: 99101 · Report as offensive
Raistmer

Send message
Joined: 9 Apr 06
Posts: 242
Message 99102 - Posted: 5 Jun 2020, 10:12:52 UTC - in response to Message 99053.  
Last modified: 5 Jun 2020, 10:28:37 UTC

And yet didn't sort it before that date. Utter incompetance. Somebody should have written the expiry date on a calendar for goodness sake. If Boinc was a private company, somebody would now be fired.


Did I hear you volunteering to contribute? Thought not.

When a program is written and maintained by volunteers, accusations of incompetence etc are unlikely to produce any change.

LoL, volunteer just mean "no pay", it doesn't change competence/incompetence status. At all.
Shit happens, but better not in SUCH degree.
(In defense of Berkeley though I could say that it's not the single big university that forgot about expiration dates. Once we lost whole domain name because of expiration of DNS registration :))))) )

EDIT: And I would appreciate concise instructions what to do on my end to solve incompetence (yes, lets call things by their names) on server-end.
And preferably no-BOINC-version-update fix, cause I'm fully aware how many issues I potentially would have changing from checked-to-be-stable to "recommended" one...
ID: 99102 · Report as offensive
Keith T
Avatar

Send message
Joined: 26 Feb 07
Posts: 71
United Kingdom
Message 99104 - Posted: 5 Jun 2020, 10:27:14 UTC - in response to Message 99101.  
Last modified: 5 Jun 2020, 10:27:36 UTC


Are you still having problems with this on any projects ?

Are there still any projects that are having problems ?


Yes, still can't upload/download from/to Rosetta

https://clip2net.com/s/47RTSv7


Is this on Android, or other OS ?
If Android, which version of the BOINC app ?
ID: 99104 · Report as offensive
Bryn Mawr
Help desk expert

Send message
Joined: 31 Dec 18
Posts: 90
United Kingdom
Message 99105 - Posted: 5 Jun 2020, 10:28:32 UTC - in response to Message 99102.  

And yet didn't sort it before that date. Utter incompetance. Somebody should have written the expiry date on a calendar for goodness sake. If Boinc was a private company, somebody would now be fired.


Did I hear you volunteering to contribute? Thought not.

When a program is written and maintained by volunteers, accusations of incompetence etc are unlikely to produce any change.

LoL, volunteer just mean "no pay", it doesn't change competence/incompetence status. At all.
Shit happens, but better not in SUCH degree.

EDIT: And I would appreciate concise instructions what to do on my end to solve incompetence (yes, lets call things by their names) on server-end.
And preferably no-BOINC-version-update fix, cause I'm fully aware how many issues I potentially would have changing from checked-to-be-stable to "recommended" one...


Might I suggest that with your attitude your best fix is to turn your computers off.

Why should the volunteers give up their time to give you concise instructions to do a job that no longer needs doing for those who’ve accepted the updated software that you so insultingly refuse to run.
ID: 99105 · Report as offensive
Raistmer

Send message
Joined: 9 Apr 06
Posts: 242
Message 99106 - Posted: 5 Jun 2020, 10:29:54 UTC - in response to Message 99105.  
Last modified: 5 Jun 2020, 10:31:40 UTC


Might I suggest that with your attitude your best fix is to turn your computers off.

Why should the volunteers give up their time to give you concise instructions to do a job that no longer needs doing for those who’ve accepted the updated software that you so insultingly refuse to run.

Nope, you may not :)

(Learn what cause issue, learn how it connected with executable if connected at all then rant about my attitude)
ID: 99106 · Report as offensive
Raistmer

Send message
Joined: 9 Apr 06
Posts: 242
Message 99107 - Posted: 5 Jun 2020, 10:30:42 UTC - in response to Message 99104.  


Are you still having problems with this on any projects ?

Are there still any projects that are having problems ?


Yes, still can't upload/download from/to Rosetta

https://clip2net.com/s/47RTSv7


Is this on Android, or other OS ?
If Android, which version of the BOINC app ?


Vista, BOINC 7.4.42
ID: 99107 · Report as offensive
Keith T
Avatar

Send message
Joined: 26 Feb 07
Posts: 71
United Kingdom
Message 99108 - Posted: 5 Jun 2020, 10:39:54 UTC - in response to Message 99107.  


Are you still having problems with this on any projects ?

Are there still any projects that are having problems ?


Yes, still can't upload/download from/to Rosetta

https://clip2net.com/s/47RTSv7


Is this on Android, or other OS ?
If Android, which version of the BOINC app ?


Vista, BOINC 7.4.42


I found your Rosetta hosts https://boinc.bakerlab.org/rosetta/hosts_user.php?userid=2135309

Have you tried editing the ca-bundle.crt file ? https://boinc.bakerlab.org/rosetta/forum_thread.php?id=14006&postid=96882#96882
ID: 99108 · Report as offensive
Raistmer

Send message
Joined: 9 Apr 06
Posts: 242
Message 99109 - Posted: 5 Jun 2020, 10:51:10 UTC - in response to Message 99108.  


Have you tried editing the ca-bundle.crt file ? https://boinc.bakerlab.org/rosetta/forum_thread.php?id=14006&postid=96882#96882

Thanks for link.

Unfortunately, seems it's not enough in my case:

05/06/2020 13:46:45 | Rosetta@home | [http] [ID#18] Info: Connected to boinc.bakerlab.org (128.95.160.157) port 443 (#25)
05/06/2020 13:46:45 | Rosetta@home | [http] [ID#18] Info: successfully set certificate verify locations:
05/06/2020 13:46:45 | Rosetta@home | [http] [ID#18] Info: CAfile: P:\bin\BOINC\ca-bundle.crt
05/06/2020 13:46:45 | Rosetta@home | [http] [ID#18] Info: CApath: none
05/06/2020 13:46:45 | Rosetta@home | [http] [ID#18] Info: SSLv3, TLS handshake, Client hello (1):
05/06/2020 13:46:45 | Rosetta@home | [http] [ID#19] Info: Connected to boinc.bakerlab.org (128.95.160.157) port 443 (#26)
05/06/2020 13:46:45 | Rosetta@home | [http] [ID#19] Info: successfully set certificate verify locations:
05/06/2020 13:46:45 | Rosetta@home | [http] [ID#19] Info: CAfile: P:\bin\BOINC\ca-bundle.crt
05/06/2020 13:46:45 | Rosetta@home | [http] [ID#19] Info: CApath: none
05/06/2020 13:46:45 | Rosetta@home | [http] [ID#19] Info: SSLv3, TLS handshake, Client hello (1):
05/06/2020 13:46:45 | Rosetta@home | [http] [ID#18] Info: SSLv3, TLS handshake, Server hello (2):
05/06/2020 13:46:45 | Rosetta@home | [http] [ID#18] Info: SSLv3, TLS handshake, CERT (11):
05/06/2020 13:46:45 | Rosetta@home | [http] [ID#18] Info: SSLv3, TLS alert, Server hello (2):
05/06/2020 13:46:45 | Rosetta@home | [http] [ID#18] Info: SSL certificate problem: unable to get local issuer certificate
05/06/2020 13:46:45 | Rosetta@home | [http] [ID#18] Info: Closing connection 25
05/06/2020 13:46:45 | Rosetta@home | [http] HTTP error: Peer certificate cannot be authenticated with given CA certificates
05/06/2020 13:46:45 | Rosetta@home | [http] [ID#19] Info: SSLv3, TLS handshake, Server hello (2):
05/06/2020 13:46:45 | Rosetta@home | [http] [ID#19] Info: SSLv3, TLS handshake, CERT (11):
05/06/2020 13:46:45 | Rosetta@home | [http] [ID#19] Info: SSLv3, TLS alert, Server hello (2):
05/06/2020 13:46:45 | Rosetta@home | [http] [ID#19] Info: SSL certificate problem: unable to get local issuer certificate
05/06/2020 13:46:45 | Rosetta@home | [http] [ID#19] Info: Closing connection 26
05/06/2020 13:46:45 | Rosetta@home | [http] HTTP error: Peer certificate cannot be authenticated with given CA certificates

I see few other entries from AddTrust there, maybe they should be deleted too?
Or maybe properly updated ca-bundle.crt is available somewhere?
ID: 99109 · Report as offensive
Bryn Mawr
Help desk expert

Send message
Joined: 31 Dec 18
Posts: 90
United Kingdom
Message 99110 - Posted: 5 Jun 2020, 10:57:32 UTC - in response to Message 99106.  


Might I suggest that with your attitude your best fix is to turn your computers off.

Why should the volunteers give up their time to give you concise instructions to do a job that no longer needs doing for those who’ve accepted the updated software that you so insultingly refuse to run.

Nope, you may not :)

(Learn what cause issue, learn how it connected with executable if connected at all then rant about my attitude)


I know exactly what caused the problem and I know, even if you don’t, where the line is between legitimate complaint and out and out ignorance. You sir, have crossed that line.
ID: 99110 · Report as offensive
Keith T
Avatar

Send message
Joined: 26 Feb 07
Posts: 71
United Kingdom
Message 99111 - Posted: 5 Jun 2020, 11:02:10 UTC - in response to Message 99109.  

There is more information in https://boinc.bakerlab.org/rosetta/forum_thread.php?id=14006

I only had this problem on LHC, both Windows and Android

The expired certificate problem has affected at least 3 projects, Rosetta, LHC and Number Fields, a few people have reported problems on Einstein as well.

There is an updated version of ca-bundle.crt available, but I'm not sure where to download the latest version.
ID: 99111 · Report as offensive
Raistmer

Send message
Joined: 9 Apr 06
Posts: 242
Message 99112 - Posted: 5 Jun 2020, 11:04:25 UTC - in response to Message 99110.  

You sir, have crossed that line.

Very helpful statement from Эксперт-помощник (expert helper, right :) ) I'm here little longer it seems and know what new executable could do, so call it as you wish, but if issue can be fixed w/o executable change I still prefer to fix it w/o changing executable. And I'm not "sir", I'm товарищ :D (joke ;) )
ID: 99112 · Report as offensive
Previous · 1 · 2 · 3 · 4 · 5 · 6 · 7 · Next

Message boards : Questions and problems : Peer certificate cannot be authenticated with given CA certificates

Copyright © 2020 University of California. Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation.