Thread 'HTTP error: Peer certificate cannot be authenticated with given CA certificates (with workaround)'

Message boards : Questions and problems : HTTP error: Peer certificate cannot be authenticated with given CA certificates (with workaround)
Message board moderation

To post messages, you must log in.

Previous · 1 · 2 · 3 · 4 · 5 · Next

AuthorMessage
Dennis Menace

Send message
Joined: 1 Oct 21
Posts: 2
Greece
Message 105576 - Posted: 1 Oct 2021, 13:10:19 UTC - in response to Message 105575.  

@Richard ty for fast reply :)
ID: 105576 · Report as offensive
UBT - Timbo

Send message
Joined: 12 Oct 06
Posts: 15
United Kingdom
Message 105577 - Posted: 1 Oct 2021, 13:34:39 UTC - in response to Message 105556.  

Hiya

Thanks for posting the "fixed" file.

I replaced my ca-bundle.crt file with the file on Google Drive and it works.

regards
Tim
Founder, UK BOINC Team
ID: 105577 · Report as offensive
Profileadrianxw
Avatar

Send message
Joined: 2 Oct 05
Posts: 401
Denmark
Message 105578 - Posted: 1 Oct 2021, 14:01:27 UTC - in response to Message 105577.  

I can load and edit the file, but cannot save it, it says it needs admin priv. I AM the admin.
Wave upon wave of demented avengers march cheerfully out of obscurity into the dream.
ID: 105578 · Report as offensive
KAMasud

Send message
Joined: 13 Feb 07
Posts: 21
Pakistan
Message 105579 - Posted: 1 Oct 2021, 14:12:29 UTC

Well, someone will solve the problem after the weekend. Let us give them time.
ID: 105579 · Report as offensive
Profileadrianxw
Avatar

Send message
Joined: 2 Oct 05
Posts: 401
Denmark
Message 105580 - Posted: 1 Oct 2021, 14:20:47 UTC

Agreed. Deadlines are still days away.
Wave upon wave of demented avengers march cheerfully out of obscurity into the dream.
ID: 105580 · Report as offensive
ProfileJord
Volunteer tester
Help desk expert
Avatar

Send message
Joined: 29 Aug 05
Posts: 15551
Netherlands
Message 105581 - Posted: 1 Oct 2021, 14:28:00 UTC

I posted to the ticket again, asking if they can give an ETA. See #4530 if people want to urge there.
ID: 105581 · Report as offensive
Richard Haselgrove
Volunteer tester
Help desk expert

Send message
Joined: 5 Oct 06
Posts: 5123
United Kingdom
Message 105582 - Posted: 1 Oct 2021, 14:33:10 UTC - in response to Message 105578.  

I can load and edit the file, but cannot save it, it says it needs admin priv. I AM the admin.
Right-click on your editor, and choose 'Run as administrator'.

I'm in the same position as you. I'm an administrator, but not the administrator.

Alternative solution: move the file to a non-protected location before attempting to edit it.
ID: 105582 · Report as offensive
Ian&Steve C.

Send message
Joined: 24 Dec 19
Posts: 229
United States
Message 105583 - Posted: 1 Oct 2021, 16:01:14 UTC

Can someone be more direct here, is this something that needs to be fixed on the BOINC Server side (at the project)? or at the client side software packages (at the host)? or something that requires a new BOINC software update (the client)?
ID: 105583 · Report as offensive
Richard Haselgrove
Volunteer tester
Help desk expert

Send message
Joined: 5 Oct 06
Posts: 5123
United Kingdom
Message 105584 - Posted: 1 Oct 2021, 16:19:46 UTC - in response to Message 105583.  
Last modified: 1 Oct 2021, 16:25:53 UTC

The full solution would be a release of an updated client - which is long overdue, anyway.

Project server administrators may be able to take alleviating action, but that would be piecemeal, and not every project may have the necessary skills.

The BOINC server has no role to play.

I have a strongly-worded email in draft, which I intend to post 24 hours after this thread was opened - i.e. in about five minutes from now - unless something else happens first.

Sent.
ID: 105584 · Report as offensive
Ian&Steve C.

Send message
Joined: 24 Dec 19
Posts: 229
United States
Message 105585 - Posted: 1 Oct 2021, 16:26:09 UTC - in response to Message 105584.  

looks like for my upload issues seen at Universe@home on Linux Ubuntu 20.04.3, simply running the updates seems to have fixed it, one of the updates was the ca certificate. uploads now processing again.
ID: 105585 · Report as offensive
ProfileJord
Volunteer tester
Help desk expert
Avatar

Send message
Joined: 29 Aug 05
Posts: 15551
Netherlands
Message 105586 - Posted: 1 Oct 2021, 17:08:43 UTC - in response to Message 105584.  

I have a strongly-worded email in draft, which I intend to post 24 hours after this thread was opened - i.e. in about five minutes from now - unless something else happens first.

Sent.
Too bad it didn't go to any list I seem to follow. Mind sending me a copy?
ID: 105586 · Report as offensive
Richard Haselgrove
Volunteer tester
Help desk expert

Send message
Joined: 5 Oct 06
Posts: 5123
United Kingdom
Message 105587 - Posted: 1 Oct 2021, 17:15:41 UTC - in response to Message 105586.  

I have a strongly-worded email in draft, which I intend to post 24 hours after this thread was opened - i.e. in about five minutes from now - unless something else happens first.

Sent.
Too bad it didn't go to any list I seem to follow. Mind sending me a copy?
It went to boinc_admin@googlegroups.com - I'd have thought you could get into that.

Two replies so far - Vitalii repeating what I just said, and Matt Blumberg saying that projects could sort it out for themselves. Neither answered the main question - "Where's Wally?"

I'll send you the thread so far.
ID: 105587 · Report as offensive
Richard Haselgrove
Volunteer tester
Help desk expert

Send message
Joined: 5 Oct 06
Posts: 5123
United Kingdom
Message 105588 - Posted: 1 Oct 2021, 17:22:01 UTC - in response to Message 105585.  

looks like for my upload issues seen at Universe@home on Linux Ubuntu 20.04.3, simply running the updates seems to have fixed it, one of the updates was the ca certificate. uploads now processing again.
That's a good point. So far, we've been treating it as a "Windows only" problem, but if Linux machines haven't been updated for a while, it might affect them too.

I have two machines with CA updates waiting, and GPUGrid tasks around 80%. I'll wait till they finish, and see what happens.

At least, Linux updates can be done at home, without needing a new client from Berkeley. Unless, that is, you're a corporate Linux user, with a system locked up by central IT admin tighter than a duck's arse.
ID: 105588 · Report as offensive
marsinph

Send message
Joined: 11 Mar 19
Posts: 1
Belgium
Message 105589 - Posted: 1 Oct 2021, 17:42:24 UTC - in response to Message 105588.  

Hello Richard,
Thanks a lot.
It works. Your file downloaded, replaced (with secure copy of original in case of), not restart needed, and.....working !

It is already the second time such problem occurs. The latest was in 2018.
I think some project admin not follow theire project.
Have a nice day, evening, morninig,..... depending when you will read.
Once again, thank you
ID: 105589 · Report as offensive
ProfileDave
Help desk expert

Send message
Joined: 28 Jun 10
Posts: 2672
United Kingdom
Message 105590 - Posted: 1 Oct 2021, 17:48:31 UTC - in response to Message 105588.  

That's a good point. So far, we've been treating it as a "Windows only" problem, but if Linux machines haven't been updated for a while, it might affect them too.

At least, Linux updates can be done at home, without needing a new client from Berkeley. Unless, that is, you're a corporate Linux user, with a system locked up by central IT admin tighter than a duck's arse.
[/quote]

Presumably the linked googledocs cert bundle can replace the one in the BOINC folder just as I have done with my wine installation though I think I probably have a while before I need to worry though there are a couple of expired certificates in the bundle I currently have.
ID: 105590 · Report as offensive
Dr Who Fan
Avatar

Send message
Joined: 10 May 07
Posts: 1436
United States
Message 105592 - Posted: 1 Oct 2021, 18:43:22 UTC

According to this article quite a few big name websites also suffered outages on the LETS ENCRYPT certificate expiration.
ID: 105592 · Report as offensive
ProfileCesium_133*

Send message
Joined: 1 Oct 21
Posts: 1
Canada
Message 105596 - Posted: 1 Oct 2021, 20:24:16 UTC

Just wanted to inform everyone that I checked my certificate, it expires in 2028, and things are still snafu after updating my computer and restarting. Hopefully, they'll accept late results at these various projects...
ID: 105596 · Report as offensive
Richard Haselgrove
Volunteer tester
Help desk expert

Send message
Joined: 5 Oct 06
Posts: 5123
United Kingdom
Message 105598 - Posted: 1 Oct 2021, 21:04:47 UTC - in response to Message 105588.  

I have two machines with CA updates waiting, and GPUGrid tasks around 80%. I'll wait till they finish, and see what happens.
My Linux machines have been making their hourly checkin to GPUGrid without problems, so the CA updates are irrelevant to this discussion. Linux (Mint) was ahead of the game at the last update.
ID: 105598 · Report as offensive
Profileadrianxw
Avatar

Send message
Joined: 2 Oct 05
Posts: 401
Denmark
Message 105600 - Posted: 2 Oct 2021, 12:21:33 UTC - in response to Message 105582.  

>>> Right-click on your editor, and choose 'Run as administrator'.

I edited and saved it from Visual Studio as administrator, saved and jobs uploading and reporting fine. Cheers Richard.
Wave upon wave of demented avengers march cheerfully out of obscurity into the dream.
ID: 105600 · Report as offensive
Richard Haselgrove
Volunteer tester
Help desk expert

Send message
Joined: 5 Oct 06
Posts: 5123
United Kingdom
Message 105604 - Posted: 2 Oct 2021, 15:21:30 UTC

A volunteer developer is working on creating an emergency release (take a bow, Vitalii).

The new release will contain a fresh certificate bundle, sourced from a genuine and reliable public source: https://curl.se/docs/caextract.html

You will need to rename cacert.pem to ca-bundle.crt, but it works with some of the projects that were having problems on Thursday (I haven't checked them all). If you feel nervous about downloading amateur hacks like mine, feel free to download from there instead.
ID: 105604 · Report as offensive
Previous · 1 · 2 · 3 · 4 · 5 · Next

Message boards : Questions and problems : HTTP error: Peer certificate cannot be authenticated with given CA certificates (with workaround)

Copyright © 2024 University of California.
Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation.