Posts by lanbrown

InfoMessage
1) Message boards : Questions and problems : HTTP error: Peer certificate cannot be authenticated with given CA certificates (with workaround)
Message 105550
Posted 30 Sep 2021 by lanbrown
You mean this one?



Searching for 'DST X3' didn't find anything.


That's the one that is expired.
2) Message boards : Questions and problems : HTTP error: Peer certificate cannot be authenticated with given CA certificates (with workaround)
Message 105548
Posted 30 Sep 2021 by lanbrown 		It is the DST X3 portion of the certificate.

Since the developers put what certificate is what, it would be nice if they added the expiration date as well. It would help them since they could also see what certificates are going to be invalid in the future.
3) Message boards : Questions and problems : HTTP error: Peer certificate cannot be authenticated with given CA certificates (with workaround)
Message 105545
Posted 30 Sep 2021 by lanbrown
I think someone made a working bodge last time, by removing the expired X3 certificate (or equivalent).


Removing it does indeed remediate the issue.
4) Message boards : Questions and problems : HTTP error: Peer certificate cannot be authenticated with given CA certificates (with workaround)
Message 105543
Posted 30 Sep 2021 by lanbrown
That would also explain why adding the root, intermediate and even the certificate for the project itself doesn't remediate the issue.

What do you mean by "adding the certificates"? Are you modifying ca-bundle.crt?


Yes.
5) Message boards : Questions and problems : HTTP error: Peer certificate cannot be authenticated with given CA certificates (with workaround)
Message 105541
Posted 30 Sep 2021 by lanbrown 		That would also explain why adding the root, intermediate and even the certificate for the project itself doesn't remediate the issue.
6) Message boards : Questions and problems : HTTP error: Peer certificate cannot be authenticated with given CA certificates (with workaround)
Message 105533
Posted 30 Sep 2021 by lanbrown 		But sites that use Let's Encrypt are the ones having an issue since they updated their chain *after* that emergency release in May of 2020. October 5th is a longways away. That will be a lot of lost work and lost computational time. If you are going to use a certificate bundle that is client based, then updates to it need to be made available before issues start. I believe it is unique to Windows that the client has a local certificate file. Either that needs to be updated when the client checks for updates or an option to launch the client be made available to bypass certificate validation.
7) Message boards : Questions and problems : HTTP error: Peer certificate cannot be authenticated with given CA certificates (with workaround)
Message 105526
Posted 30 Sep 2021 by lanbrown 		Yes. Let's encrypt has updated their certificated.

The Root is the ISRG Root X1
Valid from 6/4/2015 to 6/4/2035

The intermediate is R3:
‎Thursday, ‎September ‎3, ‎2020 7:00:00 PM
‎Monday, ‎September ‎15, ‎2025 11:00:00 AM

30 82 01 0a 02 82 01 01 00 bb 02 15 28 cc f6 a0 94 d3 0f 12 ec 8d 55 92 c3 f8 82 f1 99 a6 7a 42 88 a7 5d 26 aa b5 2b b9 c5 4c b1 af 8e 6b f9 75 c8 a3 d7 0f 47 94 14 55 35 57 8c 9e a8 a2 39 19 f5 82 3c 42 a9 4e 6e f5 3b c3 2e db 8d c0 b0 5c f3 59 38 e7 ed cf 69 f0 5a 0b 1b be c0 94 24 25 87 fa 37 71 b3 13 e7 1c ac e1 9b ef db e4 3b 45 52 45 96 a9 c1 53 ce 34 c8 52 ee b5 ae ed 8f de 60 70 e2 a5 54 ab b6 6d 0e 97 a5 40 34 6b 2b d3 bc 66 eb 66 34 7c fa 6b 8b 8f 57 29 99 f8 30 17 5d ba 72 6f fb 81 c5 ad d2 86 58 3d 17 c7 e7 09 bb f1 2b f7 86 dc c1 da 71 5d d4 46 e3 cc ad 25 c1 88 bc 60 67 75 66 b3 f1 18 f7 a2 5c e6 53 ff 3a 88 b6 47 a5 ff 13 18 ea 98 09 77 3f 9d 53 f9 cf 01 e5 f5 a6 70 17 14 af 63 a4 ff 99 b3 93 9d dc 53 a7 06 fe 48 85 1d a1 69 ae 25 75 bb 13 cc 52 03 f5 ed 51 a1 8b db 15 02 03 01 00 01


So is there a way to download the new ca-bundle.crt in the interim? October 5th is a longways to go without uploading or downloading WU's. If BOINC is going to force the validity of certificates, then the updated file needs to be made available.

Copyright © 2025 University of California.
Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation.