| Index | Recent Threads | Unanswered Threads | Who's Active | Guidelines | Search |
 |
World Community Grid Forums
Category: Support
Forum: BOINC Agent Support
Thread: CA certificate issue |
| No member browsing this thread |
|
Thread Status: Active Total posts in this thread: 23
|
|
| Author |
|
|
Sorian
Cruncher United States Joined: Dec 31, 2006 Post Count: 9 Status: Offline Project Badges: 
|
Thanks guys, following the link from Lawrence showed that the CA Cert is the same as the one in the link.
----------------------------------------Now, where do I find a replacement Cert that has valid date range? Additional info: Was Win XP on OP, now is Win 7 x64 Was Boinc 7.0.64, now is 7.2.33 When I posted this my computer more or less killed itself on something and was rebuilt OS/software. I just installed the newest version of the manager program (less than an hour from this post). Date and time are set correctly. [Edit 1 times, last edit by Sorian at Dec 3, 2013 2:41:11 PM] |
||
|
|
Former Member
Cruncher Joined: May 22, 2018 Post Count: 0 Status: Offline |
As the name of the file says it's a 'bundle'. The file contains certificates valid through about 2036 and needs no replacement. In your case something else is more probable... the certificate data is getting mangled underway to WCG. Maybe a [company]proxy or some other security hurdle. You can add some log flags to the cc_config.xml file which then prints at what step the certification fails.
----------------------------------------edit: The FAQ link Lawrence provided explains what needs to be put in the config file. [Edit 1 times, last edit by Former Member at Dec 3, 2013 2:37:22 PM] |
||
|
|
Sorian
Cruncher United States Joined: Dec 31, 2006 Post Count: 9 Status: Offline Project Badges:
|
Here is the log file after adding cc_config.xml:
----------------------------------------12/3/2013 8:47:08 AM | World Community Grid | update requested by user 12/3/2013 8:47:13 AM | World Community Grid | Sending scheduler request: Requested by user. 12/3/2013 8:47:13 AM | World Community Grid | Requesting new tasks for CPU 12/3/2013 8:47:13 AM | World Community Grid | [http] HTTP_OP::init_post(): https://scheduler.worldcommunitygrid.org/boinc/wcg_cgi/fcgi 12/3/2013 8:47:13 AM | World Community Grid | [http] HTTP_OP::libcurl_exec(): ca-bundle set 12/3/2013 8:47:13 AM | | [proxy] HTTP_OP::no_proxy_for_url(): https://scheduler.worldcommunitygrid.org/boinc/wcg_cgi/fcgi 12/3/2013 8:47:13 AM | | [proxy] returning false 12/3/2013 8:47:13 AM | World Community Grid | [http] [ID#1] Info: Connection #0 seems to be dead! 12/3/2013 8:47:13 AM | World Community Grid | [http] [ID#1] Info: Closing connection #0 12/3/2013 8:47:13 AM | World Community Grid | [http] [ID#1] Info: Connection #1 seems to be dead! 12/3/2013 8:47:13 AM | World Community Grid | [http] [ID#1] Info: Closing connection #1 12/3/2013 8:47:14 AM | World Community Grid | [http] [ID#1] Info: About to connect() to scheduler.worldcommunitygrid.org port 443 (#0) 12/3/2013 8:47:14 AM | World Community Grid | [http] [ID#1] Info: Trying 198.20.8.246... 12/3/2013 8:47:14 AM | World Community Grid | [http] [ID#1] Info: Connected to scheduler.worldcommunitygrid.org (198.20.8.246) port 443 (#0) 12/3/2013 8:47:14 AM | World Community Grid | [http] [ID#1] Info: Connected to scheduler.worldcommunitygrid.org (198.20.8.246) port 443 (#0) 12/3/2013 8:47:14 AM | World Community Grid | [http] [ID#1] Info: successfully set certificate verify locations: 12/3/2013 8:47:14 AM | World Community Grid | [http] [ID#1] Info: CAfile: C:\Program Files\BOINC\ca-bundle.crt 12/3/2013 8:47:14 AM | World Community Grid | [http] [ID#1] Info: CApath: none 12/3/2013 8:47:14 AM | World Community Grid | [http] [ID#1] Info: SSLv3, TLS handshake, Client hello (1): 12/3/2013 8:47:14 AM | World Community Grid | [http] [ID#1] Info: SSLv3, TLS handshake, Server hello (2): 12/3/2013 8:47:14 AM | World Community Grid | [http] [ID#1] Info: SSLv3, TLS handshake, CERT (11): 12/3/2013 8:47:14 AM | World Community Grid | [http] [ID#1] Info: SSLv3, TLS alert, Server hello (2): 12/3/2013 8:47:14 AM | World Community Grid | [http] [ID#1] Info: SSL certificate problem, verify that the CA cert is OK. Details: 12/3/2013 8:47:14 AM | World Community Grid | [http] [ID#1] Info: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed 12/3/2013 8:47:14 AM | World Community Grid | [http] [ID#1] Info: Closing connection #0 12/3/2013 8:47:14 AM | World Community Grid | [http] HTTP error: Peer certificate cannot be authenticated with given CA certificates 12/3/2013 8:47:14 AM | World Community Grid | Scheduler request failed: Peer certificate cannot be authenticated with given CA certificates 12/3/2013 8:47:15 AM | | [proxy] automatic proxy check in progress 12/3/2013 8:47:17 AM | | [proxy] no automatic proxy detected 12/3/2013 8:47:17 AM | | Project communication failed: attempting access to reference site 12/3/2013 8:47:17 AM | | [http] HTTP_OP::init_get(): http://www.google.com/ 12/3/2013 8:47:17 AM | | [http] HTTP_OP::libcurl_exec(): ca-bundle set 12/3/2013 8:47:17 AM | | [proxy] HTTP_OP::no_proxy_for_url(): http://www.google.com/ 12/3/2013 8:47:17 AM | | [proxy] returning false 12/3/2013 8:47:17 AM | | [http] [ID#0] Info: Re-using existing connection! (#2) with host (nil) 12/3/2013 8:47:17 AM | | [http] [ID#0] Info: Connected to (nil) (74.125.227.179) port 80 (#2) 12/3/2013 8:47:17 AM | | [http] [ID#0] Sent header to server: GET / HTTP/1.1 12/3/2013 8:47:17 AM | | [http] [ID#0] Sent header to server: User-Agent: BOINC client (windows_x86_64 7.2.33) 12/3/2013 8:47:17 AM | | [http] [ID#0] Sent header to server: Host: www.google.com 12/3/2013 8:47:17 AM | | [http] [ID#0] Sent header to server: Accept: */* 12/3/2013 8:47:17 AM | | [http] [ID#0] Sent header to server: Accept-Encoding: deflate, gzip 12/3/2013 8:47:17 AM | | [http] [ID#0] Sent header to server: Content-Type: application/x-www-form-urlencoded 12/3/2013 8:47:17 AM | | [http] [ID#0] Sent header to server: 12/3/2013 8:47:18 AM | | [http] [ID#0] Received header from server: HTTP/1.1 200 OK 12/3/2013 8:47:18 AM | | [http] [ID#0] Received header from server: Date: Tue, 03 Dec 2013 14:47:18 GMT 12/3/2013 8:47:18 AM | | [http] [ID#0] Received header from server: Expires: -1 12/3/2013 8:47:18 AM | | [http] [ID#0] Received header from server: Cache-Control: private, max-age=0 12/3/2013 8:47:18 AM | | [http] [ID#0] Received header from server: Content-Type: text/html; charset=ISO-8859-1 12/3/2013 8:47:18 AM | | [http] [ID#0] Received header from server: Set-Cookie: PREF=ID=34dd89a8cf70039c:FF=0:TM=1386082038:LM=1386082038:S=BHOW2lf2fwmnwoTn; expires=Thu, 03-Dec-2015 14:47:18 GMT; path=/; domain=.google.com 12/3/2013 8:47:18 AM | | [http] [ID#0] Received header from server: Set-Cookie: NID=67=jpnfBqjC-YlUiEwm2AhQcxGn0T1Ydl4g1luP_f0FEFY90Heko9qUkHKufGgalU0CuCAcTcLXyqNLyEVS6KxkoEjjfoSnUu3NcC9ap2sdsWKjR 94ooKytWJj6nEA22Axx; expires=Wed, 04-Jun-2014 14:47:18 GMT; path=/; domain=.google.com; HttpOnly 12/3/2013 8:47:18 AM | | [http] [ID#0] Received header from server: P3P: CP="This is not a P3P policy! See http://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info." 12/3/2013 8:47:18 AM | | [http] [ID#0] Received header from server: Server: gws 12/3/2013 8:47:18 AM | | [http] [ID#0] Received header from server: X-XSS-Protection: 1; mode=block 12/3/2013 8:47:18 AM | | [http] [ID#0] Received header from server: X-Frame-Options: SAMEORIGIN 12/3/2013 8:47:18 AM | | [http] [ID#0] Received header from server: Alternate-Protocol: 80:quic 12/3/2013 8:47:18 AM | | [http] [ID#0] Received header from server: Content-Length: 12737 12/3/2013 8:47:18 AM | | [http] [ID#0] Received header from server: Age: 0 12/3/2013 8:47:18 AM | | [http] [ID#0] Received header from server: Via: 1.1 localhost.localdomain 12/3/2013 8:47:18 AM | | [http] [ID#0] Received header from server: 12/3/2013 8:47:18 AM | | [http_xfer] [ID#0] HTTP: wrote 1432 bytes 12/3/2013 8:47:18 AM | | [http_xfer] [ID#0] HTTP: wrote 1432 bytes 12/3/2013 8:47:18 AM | | [http_xfer] [ID#0] HTTP: wrote 1432 bytes 12/3/2013 8:47:18 AM | | [http_xfer] [ID#0] HTTP: wrote 4296 bytes 12/3/2013 8:47:18 AM | | [http_xfer] [ID#0] HTTP: wrote 1432 bytes 12/3/2013 8:47:18 AM | | [http_xfer] [ID#0] HTTP: wrote 2713 bytes 12/3/2013 8:47:18 AM | | [http] [ID#0] Info: Connection #2 to host (nil) left intact 12/3/2013 8:47:18 AM | | Internet access OK - project servers may be temporarily down. [Edit 1 times, last edit by Sorian at Dec 3, 2013 2:50:38 PM] |
||
|
|
Former Member
Cruncher Joined: May 22, 2018 Post Count: 0 Status: Offline |
Sorry, did not see your reply before. Maybe, as some have to, you'd have to add the http 1.0 and basic proxy pass in the <options> section of cc_config.xml
<force_auth>basic</force_auth> <http_1_0>0</http_1_0> At any rate, the log says the CA is found, but then 12/3/2013 8:47:14 AM | World Community Grid | [http] [ID#1] Info: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed Don't understand why. Need a tech to look at. |
||
|
|
Sorian
Cruncher United States Joined: Dec 31, 2006 Post Count: 9 Status: Offline Project Badges:
|
Just added those in, no change.
|
||
|
|
Former Member
Cruncher Joined: May 22, 2018 Post Count: 0 Status: Offline |
Did you do a client restart after adding those line? [a read in does not always take hold with cc_config.xml]
Did a deep search of the forums and found 4 past hits: http://www.worldcommunitygrid.org/forums/wcg/...=0&sort=1&rows=20 There are some answers and solutions there, but do not 100% know if they apply to you. Certainly I'd delete the ca-bundle.crt file, uninstall BOINC and install again. Select in the advanced screen to run as service [protected mode execution]. Google pops up a series with the exact same, but see no ready answer... always seem to go back to something Linux related. https://www.google.it/search?q=error:14090086...ei=r_qlUqz2JMHhywOG6YDQAQ |
||
|
|
uplinger
Former World Community Grid Tech Joined: May 23, 2005 Post Count: 3952 Status: Offline Project Badges: 
|
Sorian,
You can try to replace the ca-bundle.crt file with the latest from berkeley. http://boinc.berkeley.edu/trac/browser/boinc-v2/curl/ca-bundle.crt On that page, you'll see a button for "downloading". Before replacing the files, make sure BOINC is shut off. Also, are you by chance running this machine within a corporate environment? Thanks, -Uplinger |
||
|
|
Former Member
Cruncher Joined: May 22, 2018 Post Count: 0 Status: Offline |
Yesterday discovered 2, new to me, cc_config options
<use_certs>0|1</use_certs> Accept applications signed using X509 certificates, as well as those that have BOINC signatures. <use_certs_only>0|1</use_certs_only> Accept only applications signed with X509 certificates. New in 6.3.11 Don't think they apply to WCG [apps are not signed FAIK]. As noted by Uplinger and self, something on the route mangles the certification data... proxy, ISP, comp network, firewall, AV (and there some aggressive bastardos in that field). Only techs can match the detail log trace posted with what's logged at WCGs end. Synchronize your watches and make an appointment. Ugly, as I commented on the forums some days ago, found that a BOINC v7 test installation was halted because the web-browser was running. After closing the browser the installation completed. Seeing a cookie line in the detail event log, now even web-browsers and their add-ins become suspect in the matter. Unload the browser, set it to wipe cache/cookies on exit and maybe a miracle. |
||
|
|
Sorian
Cruncher United States Joined: Dec 31, 2006 Post Count: 9 Status: Offline Project Badges:
|
Yes, each time I make a change to the config or the CA bundle I have Boinc closed.
Replacing the CA bundle had no change. Installed on a spare PC that never had Boinc, same problem. Yes, I am on a corporate network, but this used to work. Need to talk with the LAN team and see if something changed. |
||
|
|
Former Member
Cruncher Joined: May 22, 2018 Post Count: 0 Status: Offline |
Doublecheck system time and date, time zone and time syncronization parameters
|
||
|
|
|