Certificate issue

Message boards : Number crunching : Certificate issue
Message board moderation

To post messages, you must log in.

1 · 2 · 3 · Next

AuthorMessage
lanbrown

Send message
Joined: 8 Sep 19
Posts: 10
Credit: 3,612,297,060
RAC: 1,419,053
Message 3422 - Posted: 30 Sep 2021, 16:07:54 UTC

So the latest root certificate from Let's Encrypt is not part of the ca-bundle.crt that is part of BOINC. So that is preventing uploads. I tried to add the root to the bundle but it didn't seem to help and I did close out of BOINC and restarted it. I haven't seen a new ca-bundle.crt from the client owners either. I'm sure more than just this project is going to be impacted.

I do wish you could tell the BOINC client to ignore certificate warnings since I'm not at all concerned about the traffic from the BOINC client to send and receive WU's.
ID: 3422 · Rating: 0 · rate: Rate + / Rate - Report as offensive     Reply Quote
lanbrown

Send message
Joined: 8 Sep 19
Posts: 10
Credit: 3,612,297,060
RAC: 1,419,053
Message 3423 - Posted: 30 Sep 2021, 16:30:49 UTC - in response to Message 3422.  

So the BOINC site has this issue reported now:
https://boinc.berkeley.edu/forum_thread.php?id=14413
ID: 3423 · Rating: 0 · rate: Rate + / Rate - Report as offensive     Reply Quote
KAMasud

Send message
Joined: 20 Oct 11
Posts: 48
Credit: 4,225,698,692
RAC: 8,445,946
Message 3432 - Posted: 1 Oct 2021, 5:24:46 UTC

I am uploading fine to CPDN, WCG, WUProp. Why only Collatz? I checked the certificate, it has not expired.
ID: 3432 · Rating: 0 · rate: Rate + / Rate - Report as offensive     Reply Quote
KAMasud

Send message
Joined: 20 Oct 11
Posts: 48
Credit: 4,225,698,692
RAC: 8,445,946
Message 3436 - Posted: 1 Oct 2021, 12:14:15 UTC

If it helps. CPDN and other projects are in the same boat.
09/30/21 23:11:54 | climateprediction.net | Scheduler request failed: Peer certificate cannot be authenticated with given CA certificates
ID: 3436 · Rating: 0 · rate: Rate + / Rate - Report as offensive     Reply Quote
lanbrown

Send message
Joined: 8 Sep 19
Posts: 10
Credit: 3,612,297,060
RAC: 1,419,053
Message 3438 - Posted: 1 Oct 2021, 16:08:59 UTC - in response to Message 3432.  

I am uploading fine to CPDN, WCG, WUProp. Why only Collatz? I checked the certificate, it has not expired.


On Windows they use a local ca-bundle.crt file that other OS's don't have (they use the system root certificates) and in this file is an expired certificate that Let's Encrypt uses. This site/project uses a Let's Encrypt certificate. Remove the expired certificate from the file and the issue goes away or wait until October 5th and a new Windows client will be released which should have the updated file in it as well.
ID: 3438 · Rating: 0 · rate: Rate + / Rate - Report as offensive     Reply Quote
Profile Cesium_133*
Avatar

Send message
Joined: 26 Apr 11
Posts: 8
Credit: 347,313,341
RAC: 290,459
Message 3443 - Posted: 1 Oct 2021, 20:04:52 UTC

So will Collatz (and other projects) accept late work once this is resolved?

Also, my computer has this certificate as updated through 2028...
She's Hayley Westenra, the finest soprano on Earth today. Check out her music...
ID: 3443 · Rating: 0 · rate: Rate + / Rate - Report as offensive     Reply Quote
Hogey

Send message
Joined: 4 Nov 09
Posts: 1
Credit: 3,525,573,902
RAC: 1,231,999
Message 3447 - Posted: 2 Oct 2021, 10:37:30 UTC

Hi

Edit the file c:\Program Files\BOINC\ca-bundle.crt with administrative privileges, and remove the DST Root CA X3 expired certificate.

Notepad will do.

DST Root CA X3
==============
-----BEGIN CERTIFICATE-----
MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/MSQwIgYDVQQK
ExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMTDkRTVCBSb290IENBIFgzMB4X
DTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVowPzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1
cmUgVHJ1c3QgQ28uMRcwFQYDVQQDEw5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmT
rE4Orz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEqOLl5CjH9
UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9bxiqKqy69cK3FCxolkHRy
xXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40d
utolucbY38EVAjqr2m7xPi71XAicPNaDaeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0T
AQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQ
MA0GCSqGSIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69ikug
dB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXrAvHRAosZy5Q6XkjE
GB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZzR8srzJmwN0jP41ZL9c8PDHIyh8bw
RLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubS
fZGL+T0yjWW06XyxV3bqxbYoOb8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ
-----END CERTIFICATE-----

Worked for me, cleared the backlog and all working as it should
ID: 3447 · Rating: 0 · rate: Rate + / Rate - Report as offensive     Reply Quote
James

Send message
Joined: 21 May 20
Posts: 2
Credit: 4,720,318,812
RAC: 8,183,080
Message 3452 - Posted: 2 Oct 2021, 15:53:57 UTC - in response to Message 3447.  

Thanks! that seemed to clear the logjam for me.
ID: 3452 · Rating: 0 · rate: Rate + / Rate - Report as offensive     Reply Quote
KAMasud

Send message
Joined: 20 Oct 11
Posts: 48
Credit: 4,225,698,692
RAC: 8,445,946
Message 3459 - Posted: 3 Oct 2021, 9:28:25 UTC - in response to Message 3443.  
Last modified: 3 Oct 2021, 9:33:19 UTC

So will Collatz (and other projects) accept late work once this is resolved?

Also, my computer has this certificate as updated through 2028...

_________________________

My computer, also has valid up to 2028?
I do not understand.
Plus
##
## Bundle of CA Root Certificates
##
## Certificate data from Mozilla as of: Sun May 31 11:58:46 2020 GMT
##
## This is a bundle of X.509 certificates of public Certificate Authorities
## (CA). These were automatically extracted from Mozilla's root certificates
## file (certdata.txt). This file can be found in the mozilla source tree:
## https://hg.mozilla.org/releases/mozilla-release/raw-file/default/security/nss/lib/ckfw/builtins/certdata.txt
##
## It contains the certificates in PEM format and therefore
## can be directly used with curl / libcurl / php_curl, or with
## an Apache+mod_ssl webserver for SSL client authentication.
## Just configure this file as the SSLCACertificateFile.
##
## Conversion done with mk-ca-bundle.pl version 1.28.
## SHA256: f3bdcd74612952da8476a9d4147f50b29ad0710b7dd95b4c8690500209986d70
##
and it contains a long list of certificates from different authorities.
ID: 3459 · Rating: 0 · rate: Rate + / Rate - Report as offensive     Reply Quote
rcthardcore

Send message
Joined: 15 May 10
Posts: 12
Credit: 134,567,058
RAC: 42
Message 3467 - Posted: 4 Oct 2021, 3:02:19 UTC - in response to Message 3447.  

Worked for me too. Easily able to get more work units. Good job!
ID: 3467 · Rating: 0 · rate: Rate + / Rate - Report as offensive     Reply Quote
Sajjad Imam*

Send message
Joined: 9 Jul 12
Posts: 1
Credit: 884,987,316
RAC: 617,521
Message 3473 - Posted: 4 Oct 2021, 17:54:37 UTC - in response to Message 3447.  

Thanks! Worked like a charm for me. Also fixed WUProp@home, it was having problem connecting to the server.
ID: 3473 · Rating: 0 · rate: Rate + / Rate - Report as offensive     Reply Quote
Profile mikey
Avatar

Send message
Joined: 11 Aug 09
Posts: 931
Credit: 24,523,632,110
RAC: 0
Message 3476 - Posted: 5 Oct 2021, 10:33:03 UTC - in response to Message 3473.  

Thanks! Worked like a charm for me. Also fixed WUProp@home, it was having problem connecting to the server.


There are a couple of sites that still don't work but most people don't go there and I don't remember them right now
ID: 3476 · Rating: 0 · rate: Rate + / Rate - Report as offensive     Reply Quote
search for the Truth: Jesus Is LORD. Do NOT be a DNA-denier; abortion kills a new unique human baby girl or boy. God is Love - Jesus proves it! Dios es Amor - Jesús lo demuestra. LLes

Send message
Joined: 15 Aug 18
Posts: 1
Credit: 14,171,077
RAC: 926
Message 3499 - Posted: 13 Oct 2021, 2:57:48 UTC - in response to Message 3436.  

I am having this issue
Scheduler request failed: Peer certificate cannot be authenticated with given CA certificates
with SEVERAL projects: SIdock, SRbase GpuGrid in addition to Collatz
Is there some problem on my end?
ID: 3499 · Rating: 0 · rate: Rate + / Rate - Report as offensive     Reply Quote
Khali

Send message
Joined: 5 Apr 14
Posts: 3
Credit: 7,192,671,574
RAC: 1,545
Message 3500 - Posted: 13 Oct 2021, 4:19:46 UTC

I replaced the certificate like was suggested. Everything worked fine for a few days. However, its all back to not uploading tasks again as of yesterday. So, does any one know what the issue is now?
ID: 3500 · Rating: 0 · rate: Rate + / Rate - Report as offensive     Reply Quote
Profile mikey
Avatar

Send message
Joined: 11 Aug 09
Posts: 931
Credit: 24,523,632,110
RAC: 0
Message 3501 - Posted: 13 Oct 2021, 10:51:07 UTC - in response to Message 3499.  

I am having this issue
Scheduler request failed: Peer certificate cannot be authenticated with given CA certificates
with SEVERAL projects: SIdock, SRbase GpuGrid in addition to Collatz
Is there some problem on my end?


Scroll back thru the messages and follow the directions I wrote on how to fix it
ID: 3501 · Rating: 0 · rate: Rate + / Rate - Report as offensive     Reply Quote
KAMasud

Send message
Joined: 20 Oct 11
Posts: 48
Credit: 4,225,698,692
RAC: 8,445,946
Message 3503 - Posted: 14 Oct 2021, 16:16:06 UTC

@mikey. Stats have dropped by half? I am having no problems with the certificate issue but the stats have dropped by half. Is there any way of finding out the overall project picture? There should be some hint at the project site also if tasks completed are by half all across the project? Creepy feeling.
ID: 3503 · Rating: 0 · rate: Rate + / Rate - Report as offensive     Reply Quote
Profile mikey
Avatar

Send message
Joined: 11 Aug 09
Posts: 931
Credit: 24,523,632,110
RAC: 0
Message 3504 - Posted: 14 Oct 2021, 20:20:34 UTC - in response to Message 3503.  

@mikey. Stats have dropped by half? I am having no problems with the certificate issue but the stats have dropped by half. Is there any way of finding out the overall project picture? There should be some hint at the project site also if tasks completed are by half all across the project? Creepy feeling.


Yes your time to finish a task has doubled from these 2 tasks:
128978669 117683045 19 Sep 2021, 7:43:11 UTC 5 Oct 2021, 9:17:30 UTC Completed and validated 1,545.12 0.34 36,633.91 Collatz Sieve v1.30 (opencl_nvidia_gpu)
windows_x86_64
128978681 117683051 19 Sep 2021, 7:43:11 UTC 5 Oct 2021, 9:17:30 UTC Completed and validated 711.96 2.03 36,926.33 Collatz Sieve v1.30 (opencl_nvidia_gpu)
windows_x86_64

That would be exactly why your RAC has been cut in half. A couple of ideas here are you perhaps doing other things with your gpu while you are crunching, ie watching youtube videos, movies, playing games etc etc? UNLESS one of the above is true and idea to get it back near it's former time is to now use the optimization codes available for your gpu in the Number Crunching forum.
ID: 3504 · Rating: 0 · rate: Rate + / Rate - Report as offensive     Reply Quote
KAMasud

Send message
Joined: 20 Oct 11
Posts: 48
Credit: 4,225,698,692
RAC: 8,445,946
Message 3507 - Posted: 15 Oct 2021, 10:38:12 UTC - in response to Message 3504.  

Mikey, everything else I do with my GPU is done on my Intel GPU. My Nvidia GPU is dedicated to only Collatz. Other than Collatz I run CPDN and WCG, both CPU. CPDN due to being Linux WU's I run VB but all that was being done before.
Things have moved forward from when I was doing GWBasic on 8086. Too rusted. Times doubled when I replaced the .crt with new. I just cannot understand what that has to do with doubling the times. I have a feeling that this topic will come up.
I wish they would release a new version of BOINC.
I will check up on the thread about optimising my GPU. Thank you.
ID: 3507 · Rating: 0 · rate: Rate + / Rate - Report as offensive     Reply Quote
Profile mikey
Avatar

Send message
Joined: 11 Aug 09
Posts: 931
Credit: 24,523,632,110
RAC: 0
Message 3509 - Posted: 15 Oct 2021, 10:51:35 UTC - in response to Message 3507.  

Mikey, everything else I do with my GPU is done on my Intel GPU. My Nvidia GPU is dedicated to only Collatz. Other than Collatz I run CPDN and WCG, both CPU. CPDN due to being Linux WU's I run VB but all that was being done before.
Things have moved forward from when I was doing GWBasic on 8086. Too rusted. Times doubled when I replaced the .crt with new. I just cannot understand what that has to do with doubling the times. I have a feeling that this topic will come up.
I wish they would release a new version of BOINC.
I will check up on the thread about optimising my GPU. Thank you.


A brand new Alpha version of Boinc was sent out and in my inbox this morning, reports so far are that it works but that's only a few people, unfortunately I am going out of town today and can't test it until I get back. And YES it fixes the Certificate problem, the version is 7.16.20 but be very careful if you even consider trying it as it just might break everything tomorrow.
ID: 3509 · Rating: 0 · rate: Rate + / Rate - Report as offensive     Reply Quote
apollinaris

Send message
Joined: 19 Sep 15
Posts: 1
Credit: 4,140,467
RAC: 3,090
Message 3510 - Posted: 15 Oct 2021, 11:45:28 UTC

15.10.2021 13:44:30 | collatz | update requested by user
15.10.2021 13:44:31 | collatz | Fetching scheduler list
15.10.2021 13:44:32 | | Project communication failed: attempting access to reference site
15.10.2021 13:44:34 | | Internet access OK - project servers may be temporarily down.
ID: 3510 · Rating: 0 · rate: Rate + / Rate - Report as offensive     Reply Quote
1 · 2 · 3 · Next

Message boards : Number crunching : Certificate issue


©2022 Jon Sonntag; All rights reserved