Peer certificate cannot be authenticated with given CA certificates

Message boards : Number crunching : Peer certificate cannot be authenticated with given CA certificates
Message board moderation

To post messages, you must log in.

AuthorMessage
Crystal Pellet

Send message
Joined: 26 Oct 20
Posts: 53
Credit: 2,518,594
RAC: 0
Message 1235 - Posted: 30 Sep 2021, 14:07:20 UTC

SiDock@home 30 Sep 14:03:19 UTC Scheduler request failed: Peer certificate cannot be authenticated with given CA certificates

Certificates outdated?
ID: 1235 · Rating: 0 · rate: Rate + / Rate - Report as offensive     Reply Quote
Profile Michael H.W. Weber
Avatar

Send message
Joined: 7 Nov 20
Posts: 6
Credit: 10,995,522
RAC: 8
Message 1236 - Posted: 30 Sep 2021, 14:16:55 UTC - in response to Message 1235.  
Last modified: 30 Sep 2021, 14:39:30 UTC

...same notification over here. No more task up- or download possible for Windows.

Michael.
President of Rechenkraft.net - This world's first and largest distributed computing organization. We make those things possible that supercomputers don't.
ID: 1236 · Rating: 0 · rate: Rate + / Rate - Report as offensive     Reply Quote
PMH_UK

Send message
Joined: 23 Dec 20
Posts: 15
Credit: 334,668
RAC: 0
Message 1237 - Posted: 30 Sep 2021, 14:32:51 UTC - in response to Message 1235.  

All OK here at 14:30 UTC on Ubuntu Linux 18.04 & 20.04 LTS.
No Windows systems here to check.

Paul.
ID: 1237 · Rating: 0 · rate: Rate + / Rate - Report as offensive     Reply Quote
Christopher Graesser

Send message
Joined: 14 Sep 21
Posts: 2
Credit: 604,286
RAC: 1,830
Message 1238 - Posted: 30 Sep 2021, 15:37:18 UTC

Maybe an issue regarding the expiring Let's Encrypt root certificate?
ID: 1238 · Rating: 0 · rate: Rate + / Rate - Report as offensive     Reply Quote
Dadu from Silesia

Send message
Joined: 30 Apr 21
Posts: 1
Credit: 308,109
RAC: 0
Message 1239 - Posted: 30 Sep 2021, 17:02:13 UTC

Same problem on win 10, boinc 7.14.2 x64
ID: 1239 · Rating: 0 · rate: Rate + / Rate - Report as offensive     Reply Quote
sam6861

Send message
Joined: 28 Dec 20
Posts: 10
Credit: 4,335,785
RAC: 25,895
Message 1244 - Posted: 30 Sep 2021, 18:34:42 UTC

Windows 10 with BOINC 7.16.11
Thu 30 Sep 2021 01:26:57 PM CDT | SiDock@home | Scheduler request failed: Peer certificate cannot be authenticated with given CA certificates.

Works fine: BOINC version 7.16.16 on Linux Debian 11 bullseye on both my Linux computers (32 bit anonymous platform and 64 bit).
ID: 1244 · Rating: 0 · rate: Rate + / Rate - Report as offensive     Reply Quote
Falconet

Send message
Joined: 24 Oct 20
Posts: 23
Credit: 9,020
RAC: 0
Message 1246 - Posted: 30 Sep 2021, 18:54:32 UTC
Last modified: 30 Sep 2021, 19:11:06 UTC

Hmm, I get the same for the Wuprop project.
Sounds like it may not be project specific.

I think happened at least once before a few years ago and it had to do with the certificates provided by the BOINC client.


Edit 1: Ok, user Den777 at Wuprop posted this.
If you have a Linux PC, you can just copy the file from there and paste it on Windows.

Edit: 2: There's a thread at the BOINC Forums. The root cause of the error is explained there.

Hopefully a new BOINC version is launched soon.
ID: 1246 · Rating: 0 · rate: Rate + / Rate - Report as offensive     Reply Quote
Crystal Pellet

Send message
Joined: 26 Oct 20
Posts: 53
Credit: 2,518,594
RAC: 0
Message 1255 - Posted: 1 Oct 2021, 11:08:59 UTC

One of the given CA certificates in BOINC's client certificate bundle stored in the file ca-bundle.crt is "DST Root CA X3"
The valid period of that certificate ended 30 September 2021 and that CA in ca_bundle.crt should be updated/removed by BOINC.
The file is stored locally on the client side in BOINC's Program folder, so no server issue.
ID: 1255 · Rating: 0 · rate: Rate + / Rate - Report as offensive     Reply Quote
pschoefer
Avatar

Send message
Joined: 1 Jan 21
Posts: 9
Credit: 2,077,284
RAC: 1
Message 1256 - Posted: 1 Oct 2021, 11:35:31 UTC - in response to Message 1255.  

The file is stored locally on the client side in BOINC's Program folder, so no server issue.

There appears to be a server-side workaround, however, namely renewing the letsencrypt certificate with the valid certificate chain as the preferred chain (i.e., certbot --preferred-chain "ISRG Root X1").
ID: 1256 · Rating: 0 · rate: Rate + / Rate - Report as offensive     Reply Quote
Killersocke

Send message
Joined: 30 Jul 21
Posts: 3
Credit: 836,492
RAC: 1,656
Message 1263 - Posted: 1 Oct 2021, 14:17:18 UTC
Last modified: 1 Oct 2021, 14:27:51 UTC

Ich habe dieses probiert und funktionierte

aus dem Tread
https://wuprop.boinc-af.org/forum_thread.php?id=575&postid=8360#8360
diesen Link gefolgt und diese ca Datei runter geladen
https://drive.google.com/file/d/1-zirSeFwap21lRABRLD6k_nlOHlXRLFe/view

In das Verzeichnis C:\Program Files\BOINC
die Originaldatei umbenannt und die ca-bundle.crt eingefügt.

Läuft
ID: 1263 · Rating: 0 · rate: Rate + / Rate - Report as offensive     Reply Quote
hoarfrost
Volunteer moderator
Project administrator
Project developer

Send message
Joined: 11 Oct 20
Posts: 201
Credit: 15,126,267
RAC: 17,398
Message 1266 - Posted: 1 Oct 2021, 18:08:55 UTC - in response to Message 1256.  

The file is stored locally on the client side in BOINC's Program folder, so no server issue.

There appears to be a server-side workaround, however, namely renewing the letsencrypt certificate with the valid certificate chain as the preferred chain (i.e., certbot --preferred-chain "ISRG Root X1").

It killed access to www.sidock.si (not to sidock.sI) for 45 minutes, but now site returned to work. :)
ID: 1266 · Rating: 0 · rate: Rate + / Rate - Report as offensive     Reply Quote
hoarfrost
Volunteer moderator
Project administrator
Project developer

Send message
Joined: 11 Oct 20
Posts: 201
Credit: 15,126,267
RAC: 17,398
Message 1268 - Posted: 1 Oct 2021, 18:34:40 UTC
Last modified: 1 Oct 2021, 18:36:34 UTC

After update ca-bundle.crt to this file: https://srbase.my-firewall.org/sr5/download/ca-bundle.crt, BOINC on my Windows 10 test VM resumed work.
ID: 1268 · Rating: 0 · rate: Rate + / Rate - Report as offensive     Reply Quote

Message boards : Number crunching : Peer certificate cannot be authenticated with given CA certificates

©2022 SiDock@home Team