Can't contact EAH Servers - Peer Certificate Cannot be Authenticated...

Donald A. Tevault
Donald A. Tevault
Joined: 17 Feb 06
Posts: 439
Credit: 73516529
RAC: 0

RE: RE: Hi Christian! To

Quote:
Quote:

Hi Christian!

To add to this mystery, I'm now having this exact same problem on two of my old PowerPC Macs. I set one of them up just last month, and never did get it to connect to Einstein. The other Mac is one that I set up a few years ago, and so it had an older version of BOINC. Today, I had to replace the hard drive after it failed. After doing a clean install of OS X Leopard and installing the current version of BOINC, it no longer connects, either. The error output from both machines is identical to what the Debian user has posted here.

Hi Donald,

i was running in same error. First thing i was replacing file ca-bundle.crt in /Library/Application Support/BOINC Data/ with a newer one. Happy to solved the problem i start boincclient and saddly noticed error messages, we run into SSL connect error ... hmpfff...
ok looks like openssl 0.9.7... is now really EOL, means old/latest BOINC Manager for PPC (6.12.35) isn't support meaningful SSL/encrypted connections anymore.

But Einstein scheduler server is also available through http instead of https, this information will be provided also in /Library/Application Support/BOINC Data/ at file client_state.xml.
Quit Boincmanager/Client and open this file in Textedit or vi/nano etc. and search for scheduler_url change then protocol https:// to http:// for serveradress looks like http://scheduler.einsteinathome.org/EinsteinAtHome_cgi/cgi
Safe this file and start boincmanager/client it should now be able to get workunits ...

Good to know, I'll give it a try. Many thanks!

Matt3223
Matt3223
Joined: 22 Jan 05
Posts: 54
Credit: 448298
RAC: 0

RE: Edit: Here is what I

Quote:

Edit: Here is what I did to get the missing certificate back. Please make sure you have the package downloaded before purging!

$ wget http://snapshot.debian.org/archive/debian/20141020T103752Z/pool/main/c/ca-certificates/ca-certificates_20141019_all.deb
$ sudo dpkg --purge --force-depends ca-certificates
$ sudo dpkg -i ca-certificates_20141019_all.deb

Hi all, thanks for working through this, I am a few miles below your levels of expertise, but I was also having this issue on LMDE 2 with the ...deb8u1 ca-certificates.

sudo apt-cache policy ca-certificates
 
ca-certificates:
  Installed: 20141019+deb8u1
  Candidate: 20141019+deb8u1
  Version table:
 *** 20141019+deb8u1 0
        500 http://ftp.us.debian.org/debian/ jessie/main amd64 Packages
        100 /var/lib/dpkg/status

I was able to perform the fix quoted above and after installing, I was able to attach to EAH.

I also did the :

sudo apt-mark hold ca-certificates

and am trucking along! Thanks again, much appreciated.

Christian Beer
Christian Beer
Joined: 9 Feb 05
Posts: 595
Credit: 188422244
RAC: 253946

I was informed that with the

I was informed that with the update to Debian Jessie 8.5 on June 4th a new OpenSSL version was introduced that fixes the problem with certificate validation. You can now unhold the ca-certificates package and update to 8.5 like this:

apt-get update
aptitude unhold ca-certificates
apt-get upgrade
KF7IJZ
KF7IJZ
Joined: 27 Feb 15
Posts: 110
Credit: 6108311
RAC: 0

RE: I was informed that

Quote:

I was informed that with the update to Debian Jessie 8.5 on June 4th a new OpenSSL version was introduced that fixes the problem with certificate validation. You can now unhold the ca-certificates package and update to 8.5 like this:

apt-get update
aptitude unhold ca-certificates
apt-get upgrade

Has this been confirmed?

My YouTube Channel: https://www.youtube.com/user/KF7IJZ
Follow me on Twitter: https://twitter.com/KF7IJZ

Christian Beer
Christian Beer
Joined: 9 Feb 05
Posts: 595
Credit: 188422244
RAC: 253946

Yes, I just tested this in

Yes, I just tested this in the same VM I used to confirm the bug which still had the old openssl version and new ca-certificates package. After doing the upgrade the scheduler connection worked again. I forgot to explicitly mention to restart boinc-client after upgrading just to make sure the new library is loaded.

KF7IJZ
KF7IJZ
Joined: 27 Feb 15
Posts: 110
Credit: 6108311
RAC: 0

Thanks! This will make

Thanks! This will make setting up E@H easier on Pi for new folks!

My YouTube Channel: https://www.youtube.com/user/KF7IJZ
Follow me on Twitter: https://twitter.com/KF7IJZ

KF7IJZ
KF7IJZ
Joined: 27 Feb 15
Posts: 110
Credit: 6108311
RAC: 0

I updated one of my Pis by

I updated one of my Pis by removing the hold and doing an apt-get upgrade. The ca-certificates package rolled forward (as did OpenSSL). I rebooted the Pi, and seen it successfully connect to the project and report results/get new work.

My YouTube Channel: https://www.youtube.com/user/KF7IJZ
Follow me on Twitter: https://twitter.com/KF7IJZ

hartacus
hartacus
Joined: 2 May 14
Posts: 9
Credit: 4990556
RAC: 0

Tested as working here as

Tested as working here as well, on both my RPi's

Raspberry Pi - Brian
Raspberry Pi - Brian
Joined: 23 Nov 15
Posts: 3
Credit: 179938
RAC: 0

RE: I was informed that

Quote:

I was informed that with the update to Debian Jessie 8.5 on June 4th a new OpenSSL version was introduced that fixes the problem with certificate validation. You can now unhold the ca-certificates package and update to 8.5 like this:

apt-get update
aptitude unhold ca-certificates
apt-get upgrade

For some reason, the aptitude command didn't work, so instead, I used:
sudo apt-mark unhold ca-certificates
and that worked.

Cheers,

// Brian

Expanding the edge of Science.

Richie
Richie
Joined: 7 Mar 14
Posts: 656
Credit: 1702989778
RAC: 0

I see this problem currently

I see this problem currently ...

20.11.2019 2:27:35 | Einstein@Home | Scheduler request failed: Peer certificate cannot be authenticated with given CA certificates
20.11.2019 2:27:46 | | Project communication failed: attempting access to reference site
20.11.2019 2:27:47 | | Internet access OK - project servers may be temporarily down.

Looks like the scheduler isn't running at all. I guess I'm not the only one with this. My tasks statistics haven't been developing for a while and there's no backlog on validation. Maybe it's because no tasks are coming in from anybody, so the validator got nuthin' to do.

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.