| Index | Recent Threads | Unanswered Threads | Who's Active | Guidelines | Search |
 |
World Community Grid Forums
Category: Support
Forum: BOINC Agent Support
Thread: Peer certificate cannot be authenticated with given CA certificates |
| No member browsing this thread |
|
Thread Status: Active Total posts in this thread: 11
|
|
| Author |
|
|
Ian Cantwell
Cruncher Joined: Jul 19, 2013 Post Count: 15 Status: Offline Project Badges: 
|
I am not sure if relevant here. I have two computers one uploads & downloads no problem (connected directly with WCG). the 2nd (2 CPU on Windows 7, connected via Boinc) last night is stuck with a mix of finished units to upload & ready to reports. According to event log: "Peer certificate cannot be authenticated with given CA certificates". I only run WCG on it but tried another and got same response
----------------------------------------[edited post to change title to be more relevant so that others that might have the same issue will see it - knreed] [Edit 1 times, last edit by knreed at Jul 2, 2020 1:36:45 PM] |
||
|
|
knreed
Former World Community Grid Tech Joined: Nov 8, 2004 Post Count: 4504 Status: Offline Project Badges:
|
We updated our SSL certificate yesterday (the previous one was going to expire later this month). If you are running a version of BOINC older than 7.2.47 then you won't be able to connect and you will see that message.
----------------------------------------Looking at your hosts in the database it shows a windows 7, 2 core computer running version 7.2.33 of the client. I suspect this is the one that you are mentioning. If you update that to either the WCG latest version from the download link or the latest version from the BOINC website then you will be able to resume contributing on that computer. [Edit 1 times, last edit by knreed at Jul 2, 2020 1:36:55 PM] |
||
|
|
PMH_UK
Veteran Cruncher UK Joined: Apr 26, 2007 Post Count: 786 Status: Offline Project Badges: 
|
I have some Linux PCs with 7.2.42 which are working OK.
----------------------------------------Will these fail at some point? Also could the certificate renewal be a factor in the double WCG attachments for BAM users in "Ghost" and other threads. Paul.
Paul.
|
||
|
|
Former Member
Cruncher Joined: May 22, 2018 Post Count: 0 Status: Offline |
Your BOINC is likely relying on a different certificate set, but the problem should in principle be resolved by getting a fresh ca-bundle.crt, although that too seems to have issues v.v. the source. See post by Ageless.
It's amazing how 'We updated our SSL certificate yesterday' and then silence if anything on the member side blows up and when it does... say no more. |
||
|
|
knreed
Former World Community Grid Tech Joined: Nov 8, 2004 Post Count: 4504 Status: Offline Project Badges:
|
Your BOINC is likely relying on a different certificate set, but the problem should in principle be resolved by getting a fresh ca-bundle.crt, although that too seems to have issues v.v. the source. See post by Ageless. It's amazing how 'We updated our SSL certificate yesterday' and then silence if anything on the member side blows up and when it does... say no more. So we tested multiple different versions of BOINC including the last of the 6.10, 7.0 and 7.2 line of clients. Only the 6.10 and 7.10 on Windows and Mac versions failed in this testing. We sent out a series of three emails to users still running the 6.10 and 7.0 versions of the client on Windows and Mac to make them aware and to encourage them to update their client versions. I missed the fact that in that earlier versions in the 7.2 line, such as the 7.2.33 version, didn't have the updated ca-bundle.crt file and those users and should have been contacted as well. We are going to be sending an email to these users in the near future. The issue doesn't impact Linux because the trusted root certificate bundles and the version of openssl used on them is updated through the operating system. [Edit 1 times, last edit by knreed at Jul 2, 2020 5:05:14 PM] |
||
|
|
knreed
Former World Community Grid Tech Joined: Nov 8, 2004 Post Count: 4504 Status: Offline Project Badges:
|
Also could the certificate renewal be a factor in the double WCG attachments for BAM users in "Ghost" and other threads. No. That was caused by BAM using a different master url for us. The BOINC client considers http://www.worldcommunitygrid.org and https://www.worldcommunitygrid.org to be different projects due to the protocol difference. As a result of this, when BAM updated the master URL, it caused the duplicate attach issues. David Anderson implemented a change so that in the next version of the client, it will finally treat the two URLs as the same project. |
||
|
|
Jacob Klein
Cruncher Joined: May 31, 2007 Post Count: 28 Status: Offline Project Badges:
|
After I fixed the strange BAM+WCG detach/reattach issue, on all my hosts ... It seems to me that BAM is currently using the http URL. Did it change it from https to http ?? And was that expected/desired?
----------------------------------------[Edit 1 times, last edit by Jacob Klein at Jul 3, 2020 12:29:02 AM] |
||
|
|
Crystal Pellet
Veteran Cruncher Joined: May 21, 2008 Post Count: 1403 Status: Offline Project Badges: 
|
In the all_projects_list.xml it's http, but Willy accidentally changed it for BAM! to https and has corrected his mistake later.
----------------------------------------[Edit 1 times, last edit by Crystal Pellet at Jul 3, 2020 7:16:23 AM] |
||
|
|
Jacob Klein
Cruncher Joined: May 31, 2007 Post Count: 28 Status: Offline Project Badges:
|
Thank you for the reply and the link.
|
||
|
|
Former Member
Cruncher Joined: May 22, 2018 Post Count: 0 Status: Offline |
Your BOINC is likely relying on a different certificate set, but the problem should in principle be resolved by getting a fresh ca-bundle.crt, although that too seems to have issues v.v. the source. See post by Ageless. It's amazing how 'We updated our SSL certificate yesterday' and then silence if anything on the member side blows up and when it does... say no more. So we tested multiple different versions of BOINC including the last of the 6.10, 7.0 and 7.2 line of clients. Only the 6.10 and 7.10 on Windows and Mac versions failed in this testing. We sent out a series of three emails to users still running the 6.10 and 7.0 versions of the client on Windows and Mac to make them aware and to encourage them to update their client versions. I missed the fact that in that earlier versions in the 7.2 line, such as the 7.2.33 version, didn't have the updated ca-bundle.crt file and those users and should have been contacted as well. We are going to be sending an email to these users in the near future. The issue doesn't impact Linux because the trusted root certificate bundles and the version of openssl used on them is updated through the operating system. Why this path of emailing was chosen without making an announcement on the forums or in news/notices what you were doing I'll not ask but would recommend you do in future in such matters. Murphy is ever present. |
||
|
|
|