| Index | Recent Threads | Unanswered Threads | Who's Active | Guidelines | Search |
 |
World Community Grid Forums
Category: Support
Forum: BOINC Agent Support
Thread: Peer certificate cannot be authenticated with known CA certificates |
| No member browsing this thread |
|
Thread Status: Active Total posts in this thread: 72
|
|
| Author |
|
|
Former Member
Cruncher Joined: May 22, 2018 Post Count: 0 Status: Offline |
For all of you watching at home, the <report_results_immediately> flag goes into the <options> area of the cc_config.xml which will also go into the same data directory as the other xml files go.
----------------------------------------[Edit 1 times, last edit by Former Member at Apr 3, 2008 8:00:50 PM] |
||
|
|
rpperezr
Cruncher Joined: Feb 8, 2008 Post Count: 4 Status: Offline |
Hello anyone!
I need some help. I've trying to re-activate WCG in my BOINC client, but till moment, I can't. I get the error message wich heads this thread. Here goes some data: 02/06/2008 0:32:25||Starting BOINC client version 5.10.45 for windows_intelx86 02/06/2008 0:32:25||log flags: task, file_xfer, sched_ops 02/06/2008 0:32:25||Libraries: libcurl/7.18.0 OpenSSL/0.9.8e zlib/1.2.3 02/06/2008 0:32:25||Executing as a daemon 02/06/2008 0:32:25||Data directory: C:\BOINC 02/06/2008 0:32:25||Processor: 4 GenuineIntel Intel(R) Core(TM)2 Quad CPU @ 2.40GHz [x86 Family 6 Model 15 Stepping 7] 02/06/2008 0:32:25||Processor features: fpu tsc pae nx sse sse2 pni mmx 02/06/2008 0:32:25||OS: Microsoft Windows Vista: Home Edition, Service Pack 1, (06.00.6001.00) 02/06/2008 0:32:25||Memory: 2.00 GB physical, 4.23 GB virtual 02/06/2008 0:32:25||Disk: 224.88 GB total, 150.93 GB free 02/06/2008 0:32:25||Local time is UTC +2 hours 02/06/2008 0:32:25|http://www.worldcommunitygrid.org/|URL: http://www.worldcommunitygrid.org/; Computer ID: not assigned yet; location: (none); project prefs: default 02/06/2008 0:32:25||General prefs: from http://bam.boincstats.com/ (last modified 26-Mar-2008 11:11:04) 02/06/2008 0:32:26||Host location: home 02/06/2008 0:32:26||General prefs: using separate prefs for home 02/06/2008 0:32:26||Reading preferences override file 02/06/2008 0:32:26||Preferences limit memory usage when active to 1227.46MB 02/06/2008 0:32:26||Preferences limit memory usage when idle to 1636.61MB 02/06/2008 0:32:26||Preferences limit disk usage to 2.79GB I've switch on the http_debug parameter and get this: 02/06/2008 0:40:03|http://www.worldcommunitygrid.org/|Sending scheduler request: Requested by user. Requesting 45011 seconds of work, reporting 0 completed tasks 02/06/2008 0:40:03||[http_debug] HTTP_OP::init_post(): https://secure.worldcommunitygrid.org/boinc/wcg_cgi/fcgi 02/06/2008 0:40:04||[http_debug] [ID#3] info: About to connect() to secure.worldcommunitygrid.org port 443 (#1) 02/06/2008 0:40:04||[http_debug] [ID#3] info: Trying 129.33.89.133... 02/06/2008 0:40:04||[http_debug] [ID#3] info: Connected to secure.worldcommunitygrid.org (129.33.89.133) port 443 (#1) 02/06/2008 0:40:05||[http_debug] [ID#3] info: successfully set certificate verify locations: 02/06/2008 0:40:05||[http_debug] [ID#3] info: CAfile: ca-bundle.crt CApath: none 02/06/2008 0:40:05||[http_debug] [ID#3] info: SSLv2, Client hello (1): 02/06/2008 0:40:06||[http_debug] [ID#3] info: SSLv3, TLS handshake, Server hello (2): 02/06/2008 0:40:06||[http_debug] [ID#3] info: SSLv3, TLS handshake, CERT (11): 02/06/2008 0:40:06||[http_debug] [ID#3] info: SSLv3, TLS alert, Server hello (2): 02/06/2008 0:40:06||[http_debug] [ID#3] info: SSL certificate problem, verify that the CA cert is OK. Details:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed 02/06/2008 0:40:06||[http_debug] [ID#3] info: Expire cleared 02/06/2008 0:40:06||[http_debug] [ID#3] info: Connection #1 to host secure.worldcommunitygrid.org left intact 02/06/2008 0:40:06||[http_debug] HTTP error: Peer certificate cannot be authenticated with known CA certificates Any idea? Thanks in advance. |
||
|
|
Former Member
Cruncher Joined: May 22, 2018 Post Count: 0 Status: Offline |
Okay, I'm going to take a leap in the dark and assume that this error means that ca-bundle.crt is missing or inaccessible.
Please try the instructions here: http://boinc.berkeley.edu/trac/wiki/Error/Scheduler%20request%20failed (second item down). Let me know if this solves the problem, or changes the error you get. |
||
|
|
rpperezr
Cruncher Joined: Feb 8, 2008 Post Count: 4 Status: Offline |
Thank you, Didactylos for your leap.
----------------------------------------I had already checked both things. In fact, I had read the whole thread before asking. Nevertheless, let me show you a printscreen of my BOINC directory and my system clock  As you can see, my data directory is C:\BOINC and there is the cert. Thanks again. **EDIT: Although I've selected GMT+1 at my forum preferences which corresponds to Spain, my real time is one hour later than the showed in the post due to daylight saving time. [Edit 4 times, last edit by rpperezr at Jun 2, 2008 5:53:14 PM] |
||
|
|
Former Member
Cruncher Joined: May 22, 2018 Post Count: 0 Status: Offline |
I know the clock was right: the date is shown in your log. Certificate failure due to date only happen if the clock is off by years.
I also expected the file to be present - on Windows, it is almost impossible that it shouldn't be. But something may be preventing BOINC from reading it. There are two main possibilities: the file is corrupt or has the wrong permissions, or some security software on your computer is blocking it. I see from your screenshot that you are attached to several projects, and use at least one third party BOINC utility. With this in mind, I suggest you try a clean installation of BOINC, and see if the problem persists. The alternative is to go hunting for reasons why the file can't be read, or go into the less likely possibilities. I recommend reinstalling BOINC instead. Don't just install over the existing installation - uninstall then delete all the files that are left behind. This will lose all work in progress, so finish up any work units you want to complete first. |
||
|
|
Sekerob
Ace Cruncher Joined: Jul 24, 2005 Post Count: 20043 Status: Offline |
My certificate copy has an expiration date of 11 Luglio 2009
----------------------------------------
WCG
Please help to make the Forums an enjoyable experience for All! |
||
|
|
rpperezr
Cruncher Joined: Feb 8, 2008 Post Count: 4 Status: Offline |
There are two main possibilities: the file is corrupt or has the wrong permissions, or some security software on your computer is blocking it. The alternative is to go hunting... Before making fresh installation of BOINC I've chosen to go hunting. As you (very well) say, there are only two (or three) possibilities. File corruption was directly discarded: yesterday night I changed the cert for other "fresh" one. Review permissions for one file is not hard nor difficult and it takes only one minute. But if the solution is your third... there is the firewall (Kaspersky suite) as the main suspect. Disable it at all took ten seconds et... voila! WCG began to work properly. After that, configurate Kaspersky was easier cause I knew what I was looking for. Thank you very much Didactylos (now I realize what coaching is) ;-) |
||
|
|
Former Member
Cruncher Joined: May 22, 2018 Post Count: 0 Status: Offline |
Excellent!
To help other people who experience this, please will you tell us exactly what does need changing in the Kaspersky configuration? Thank you. |
||
|
|
rpperezr
Cruncher Joined: Feb 8, 2008 Post Count: 4 Status: Offline |
Excellent! To help other people who experience this, please will you tell us exactly what does need changing in the Kaspersky configuration? Thank you. Sure! Kaspersky settings, section "Threats and exclusions"; subsection "Exclusions" 1. Push "Trusted zone..." button 2. Push "Add..." button 3. Push "Browse..." button and select (your_path)boinc.exe 4. In Properties mark option: "Do not scan network traffic" 5. In Rule description: 5a. Click on underlined word in "Do not scan all network traffic" until it changes to "Do not scan encrypted network traffic" 5b. Keep the other options in the way they appear: "at any remote host and at any remote port". 6. Ok three times That's all. Hope it helps to someone else. Saludos. |
||
|
|
[AF>EDLS]GuL
Cruncher Joined: Feb 15, 2006 Post Count: 19 Status: Offline Project Badges: 
|
Hello everybody,
I have the CA certificate error, but with totally different circumstances : 3 of my computers work under linux ubuntu 8.10 with boinc 6.2.12 and were previously under windows XP or vista. WCG used to work perfectly. All other projects work perfectly on those computers under linux. I have got only errors with WCG: jeu 20 nov 2008 21:41:59 CET||Contacting account manager at http://bam.boincstats.com/ jeu 20 nov 2008 21:42:03 CET||Account manager: BAM! User-ID: 1674 jeu 20 nov 2008 21:42:03 CET||Account manager: BAM! Host-ID: 117032 jeu 20 nov 2008 21:42:03 CET||Account manager: This host connected 1251 times to BAM! jeu 20 nov 2008 21:42:03 CET||Account manager contact succeeded jeu 20 nov 2008 21:42:49 CET|ABC@home|Computation for task abc_wu_18465105999000_8450000_0 finished jeu 20 nov 2008 21:42:49 CET|ABC@home|Starting abc_wu_16654618723000_5405000_2 jeu 20 nov 2008 21:42:49 CET|ABC@home|Starting task abc_wu_16654618723000_5405000_2 using abc-finder version 103 jeu 20 nov 2008 21:42:51 CET|ABC@home|Started upload of abc_wu_18465105999000_8450000_0_0 jeu 20 nov 2008 21:42:57 CET|ABC@home|Finished upload of abc_wu_18465105999000_8450000_0_0 jeu 20 nov 2008 22:08:14 CET|http://www.worldcommunitygrid.org Sending scheduler request: Requested by account manager. Requesting 3078 seconds of work, reporting 0 completed tasks jeu 20 nov 2008 22:08:15 CET||Project communication failed: attempting access to reference site jeu 20 nov 2008 22:08:16 CET||Internet access OK - project servers may be temporarily down. jeu 20 nov 2008 22:08:19 CET|http://www.worldcommunitygrid.org Scheduler request failed: Peer certificate cannot be authenticated with known CA certificates Is it possible that the computers are not recognized due to the previous windows ID ? Does WCG uses the mac adress or something like this ? Thanks a lot GuL |
||
|
|
|