Posts by lanbrown

1) Message boards : Questions and problems : HTTP error: Peer certificate cannot be authenticated with given CA certificates (with workaround) (Message 105550)
Posted 30 Sep 2021 by lanbrown
Post:
You mean this one?



Searching for 'DST X3' didn't find anything.


That's the one that is expired.
2) Message boards : Questions and problems : HTTP error: Peer certificate cannot be authenticated with given CA certificates (with workaround) (Message 105548)
Posted 30 Sep 2021 by lanbrown
Post:
It is the DST X3 portion of the certificate.

Since the developers put what certificate is what, it would be nice if they added the expiration date as well. It would help them since they could also see what certificates are going to be invalid in the future.
3) Message boards : Questions and problems : HTTP error: Peer certificate cannot be authenticated with given CA certificates (with workaround) (Message 105545)
Posted 30 Sep 2021 by lanbrown
Post:
I think someone made a working bodge last time, by removing the expired X3 certificate (or equivalent).


Removing it does indeed remediate the issue.
4) Message boards : Questions and problems : HTTP error: Peer certificate cannot be authenticated with given CA certificates (with workaround) (Message 105543)
Posted 30 Sep 2021 by lanbrown
Post:
That would also explain why adding the root, intermediate and even the certificate for the project itself doesn't remediate the issue.

What do you mean by "adding the certificates"? Are you modifying ca-bundle.crt?


Yes.
5) Message boards : Questions and problems : HTTP error: Peer certificate cannot be authenticated with given CA certificates (with workaround) (Message 105541)
Posted 30 Sep 2021 by lanbrown
Post:
That would also explain why adding the root, intermediate and even the certificate for the project itself doesn't remediate the issue.
6) Message boards : Questions and problems : HTTP error: Peer certificate cannot be authenticated with given CA certificates (with workaround) (Message 105533)
Posted 30 Sep 2021 by lanbrown
Post:
But sites that use Let's Encrypt are the ones having an issue since they updated their chain *after* that emergency release in May of 2020. October 5th is a longways away. That will be a lot of lost work and lost computational time. If you are going to use a certificate bundle that is client based, then updates to it need to be made available before issues start. I believe it is unique to Windows that the client has a local certificate file. Either that needs to be updated when the client checks for updates or an option to launch the client be made available to bypass certificate validation.
7) Message boards : Questions and problems : HTTP error: Peer certificate cannot be authenticated with given CA certificates (with workaround) (Message 105526)
Posted 30 Sep 2021 by lanbrown
Post:
Yes. Let's encrypt has updated their certificated.

The Root is the ISRG Root X1
Valid from 6/4/2015 to 6/4/2035

The intermediate is R3:
‎Thursday, ‎September ‎3, ‎2020 7:00:00 PM
‎Monday, ‎September ‎15, ‎2025 11:00:00 AM

30 82 01 0a 02 82 01 01 00 bb 02 15 28 cc f6 a0 94 d3 0f 12 ec 8d 55 92 c3 f8 82 f1 99 a6 7a 42 88 a7 5d 26 aa b5 2b b9 c5 4c b1 af 8e 6b f9 75 c8 a3 d7 0f 47 94 14 55 35 57 8c 9e a8 a2 39 19 f5 82 3c 42 a9 4e 6e f5 3b c3 2e db 8d c0 b0 5c f3 59 38 e7 ed cf 69 f0 5a 0b 1b be c0 94 24 25 87 fa 37 71 b3 13 e7 1c ac e1 9b ef db e4 3b 45 52 45 96 a9 c1 53 ce 34 c8 52 ee b5 ae ed 8f de 60 70 e2 a5 54 ab b6 6d 0e 97 a5 40 34 6b 2b d3 bc 66 eb 66 34 7c fa 6b 8b 8f 57 29 99 f8 30 17 5d ba 72 6f fb 81 c5 ad d2 86 58 3d 17 c7 e7 09 bb f1 2b f7 86 dc c1 da 71 5d d4 46 e3 cc ad 25 c1 88 bc 60 67 75 66 b3 f1 18 f7 a2 5c e6 53 ff 3a 88 b6 47 a5 ff 13 18 ea 98 09 77 3f 9d 53 f9 cf 01 e5 f5 a6 70 17 14 af 63 a4 ff 99 b3 93 9d dc 53 a7 06 fe 48 85 1d a1 69 ae 25 75 bb 13 cc 52 03 f5 ed 51 a1 8b db 15 02 03 01 00 01


So is there a way to download the new ca-bundle.crt in the interim? October 5th is a longways to go without uploading or downloading WU's. If BOINC is going to force the validity of certificates, then the updated file needs to be made available.




Copyright © 2022 University of California. Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation.