| Index | Recent Threads | Unanswered Threads | Who's Active | Guidelines | Search |
 |
World Community Grid Forums
Category: Support
Forum: BOINC Agent Support
Thread: FreeBSD self signed certificate error |
| No member browsing this thread |
|
Thread Status: Active Total posts in this thread: 27
|
|
| Author |
|
|
keithf4
Cruncher Joined: Jun 9, 2014 Post Count: 1 Status: Offline Project Badges: 
|
The ca-bundle.crt file file in /var/db/boinc that is installed by the package is actually just a symlink
lrwxr-xr-x 1 boinc nobody 38 Feb 5 00:09 ca-bundle.crt -> /usr/local/share/certs/ca-root-nss.crt I backed that up by creating a new symlink (just so I don't forget where it pointed to) lrwxr-xr-x 1 boinc nobody 38 Feb 5 00:09 ca-bundle.crt.orig -> /usr/local/share/certs/ca-root-nss.crt Then I deleted the original symlink and grabbed a copy of the ca-bundle.crt from the linux self-extracting binary install file (as someone mentioned above). Replaced that file in the /var/db/boinc folder, restarted boinc and now everything is working! That should allow you to keep the native ca-root-nss.crt that other applications may need and let WCG do what it needs to do. |
||
|
|
Papa3
Senior Cruncher Joined: Apr 23, 2006 Post Count: 360 Status: Offline Project Badges: 
|
boinc127, would you mind taking a look at this thread? http://www.worldcommunitygrid.org/forums/wcg/viewthread_thread,37694
|
||
|
|
Former Member
Cruncher Joined: May 22, 2018 Post Count: 0 Status: Offline |
Hadn't noticed that my home system hadn't been working since December....
Couldn't tell if it, when, how it was running in this CA problem....but did some additional digging of my own... identified the certs present on my Linux machine, but not in the ca-root-nss.crt file (where the latest version says 23 untrusted roots have been omitted.) There were only a few roots present on Linux, but not here....from examining those roots, I narrowed down to two likely candidates. Thawte Premium Server CA -- 1024 bit key with an md5... signature Thawte Server CA -- 1024 bit key with an md5... signature At first I appended both to a local copy of the file, and then I was able to connect. But, then I wanted to find out which one specifically (even though I'll only alter ca-bundle.crt for boinc and not globally), for my notes....for when I come back later and wondering why I did anything. The thawte certs present on FreeBSD currently are: thawte Primary Root CA => 2048 bit with sha1... signature thawte Primary Root CA - G2 => elliptical curve... sha384 thawte Primary Root CA - G3 => 2048 bit with sha256... signature OTOH, the problem should go away on or before the end of July 29th, when the current certificate for scheduler.worldcommunity.org expires. The Dreamer. |
||
|
|
Former Member
Cruncher Joined: May 22, 2018 Post Count: 0 Status: Offline |
We've never seen the ca-bundle.crt to cause expiry messages, except if the system date is faultily way back in time to before when the certs start. It'd be interesting as all platforms get the same bundle, but inside there are some certs that go way past 2030 [saw this on Windows]. When looking at my Ubuntu, BOINC has a symlinked file named ca-bundle.crt which connects to ca-certificates.crt i.e. the RPM version is not using the ca-bundle.crt that comes with BOINC. The Thawte in there expire 31/12/2020
Funny about July 29, as that is when Windows 10 is supposed to be launched. :O On second thought, were you referring to the server side certificate expiration? In past there was something about that... hope the techs renew that one if so. @Techs: Hope you're reading. |
||
|
|
ErikaT
Former World Community Grid Admin USA Joined: Apr 27, 2009 Post Count: 912 Status: Offline Project Badges: 
|
@Techs: Hope you're reading. Yes, they've been notified.Thanks, ErikaT |
||
|
|
uplinger
Former World Community Grid Tech Joined: May 23, 2005 Post Count: 3952 Status: Offline Project Badges: 
|
Yes, we are working on it. They should be updated shortly.
Thanks, -Uplinger |
||
|
|
knreed
Former World Community Grid Tech Joined: Nov 8, 2004 Post Count: 4504 Status: Offline Project Badges: 
|
We have updated the certificates for World Community Grid. They are now good through August 2017. There shouldn't be any issues, but let us know if anyone sees anything.
|
||
|
|
Former Member
Cruncher Joined: May 22, 2018 Post Count: 0 Status: Offline |
I'm not quite sure if this is related, it started today (p.s.: yesterday / 10th that is, it's just past midnight here) :
----------------------------------------11.07.2015 01:31:00 Sending scheduler request: To fetch work. Requesting 11262 seconds of work, reporting 0 completed tasks Uploads don't work anymore either. Both systems (Win XP x86) affected are CC 5.10.28, whereas a CC 7.4.36 (manual) update works (version problem?) but otoh. the 7.4.36 didn't have contact to WCG for quite a while, so it might have had nothing about this connection cached. edit : CC restart didn't help :-/ edit2: Updating the ca-bundle.crt file from the newer BOINC version + restart didn't help either. The host basically can connect to the scheduler URL (checked with Mozilla) [Edit 5 times, last edit by Former Member at Jul 11, 2015 12:32:25 AM] |
||
|
|
Former Member
Cruncher Joined: May 22, 2018 Post Count: 0 Status: Offline |
I did something bad but it worked for the results I have ... as http and https point to the same base URL, editing out the "s" from the upload URL protocols helped (for now).
----------------------------------------It did not help for the scheduler URL though :-( ... detach + re-attach didn't help either, now it refuses to contact the scheduler completely :-( Oh well, no WCG for me anymore then [Edit 3 times, last edit by Former Member at Jul 11, 2015 1:24:28 AM] |
||
|
|
Mumak
Senior Cruncher Joined: Dec 7, 2012 Post Count: 477 Status: Offline Project Badges: 
|
Could this be because of SHA-1 -> SHA-256 change on the server ?
---------------------------------------- |
||
|
|
|