Security certificate problems on multiple projects

Fardringle


This is affecting multiple projects, and results in an error when trying to upload results to the projects.
Scheduler request failed: Peer certificate cannot be authenticated with given CA certificates

Any computers getting this error need to download the ca-bundle.crt file from Richard Haselgrove's post at that link, back up/rename the current ca-bundle.crt file in C:\Program Files\BOINC and then copy the downloaded file into that same location. Restarting the computer/BOINC is not necessary, but you may need to manually tell the project(s) to update so that they will try to contact the server again.
 

Markfw

The one in that thread is expired. Mine seems good until 2028.
 

VirtualLarry

Fardringle said: "Richard Haselgrove's post at that link"
Who is Richard Haselgrove, and why should I be manually downloading CA Certs from someone on the internet, rather than rely on an updated, SIGNED, application update that would bundle them? Seems very insecure to me.
 

Fardringle

If you don't want to download the file from the BOINC forums, which does fix the problem, you can get the same thing from the SRBase file server...

This was just posted by the SRBase admin:
SRBase: invalid certificate from older BOINC clients
If you are getting an error in your BOINC client log:

Scheduler request failed: Peer certificate cannot be authenticated with give

you must update/replace the ca-bundle.crt from the BOINC client. It looks like the file is outdated. Stop BOINC, replace the file and restart.

I put the file in the download folder for download.

https://srbase.my-firewall.org/sr5/download/ca-bundle.crt
 

StefanR5R

VirtualLarry said: "why should I be manually downloading CA Certs from someone on the internet, rather than rely on an updated, SIGNED, application update that would bundle them? Seems very insecure to me."
On Linux, the boinc client should use the systemwide installed certificates and they should be up to date.

On Windows, I understand that the boinc client uses its own set of certificates. Unfortunately, an updated client has not been released yet.
(https://boinc.berkeley.edu/download_all.php)
Hence, the best workaround might be to edit ca_bundle.crt to exclude the expired certificate which is highlighted in the berkeley.edu thread which Fardringle pointed to. Or if you have both Linux and Windows computers, copy an up-to-date ca_bundle.crt from Linux to Windows. (I tried neither of these approaches myself.)

Or download the file from one other source which Richard Haselgrove referred to:
post at the BOINC forum
 

Fardringle

Updating the BOINC client on Windows machines to version 7.16.20 will also fix this problem.
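
An added example, not posted by anyone in the thread: a PowerShell check to run on a downloaded ca-bundle.crt before copying it into C:\Program Files\BOINC. It lists expired certificates and any CA that appears only in the downloaded file. The download path and the helper name Get-BundleCertificate are assumptions.

```powershell
# Added example (not from the thread): inspect a downloaded ca-bundle.crt and
# compare it with the installed one before replacing it.
# Both default paths are assumptions; adjust them for your machine.
param(
    [string]$Installed = 'C:\Program Files\BOINC\ca-bundle.crt',
    [string]$Candidate = "$env:USERPROFILE\Downloads\ca-bundle.crt"
)

# Hypothetical helper: parse every PEM certificate in a bundle file
function Get-BundleCertificate {
    param([Parameter(Mandatory)][string]$Path)
    $pem = Get-Content -LiteralPath $Path -Raw
    $rx  = '-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----'
    foreach ($m in [regex]::Matches($pem, $rx, 'Singleline')) {
        # Strip whitespace from the base64 body and decode it to DER
        [byte[]]$der = [Convert]::FromBase64String(($m.Groups[1].Value -replace '\s', ''))
        $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($der)
        [pscustomobject]@{
            Subject    = $cert.Subject
            NotAfter   = $cert.NotAfter
            Expired    = $cert.NotAfter -lt (Get-Date)
            Thumbprint = $cert.Thumbprint
        }
    }
}

$old = @(Get-BundleCertificate -Path $Installed)
$new = @(Get-BundleCertificate -Path $Candidate)

"Installed: {0} certificates, {1} expired" -f $old.Count, @($old | Where-Object Expired).Count
"Candidate: {0} certificates, {1} expired" -f $new.Count, @($new | Where-Object Expired).Count

# Every certificate listed here is a CA the client would newly trust
"`nOnly in candidate:"
$new | Where-Object { $_.Thumbprint -notin $old.Thumbprint } |
    Sort-Object Subject | Format-Table Subject, NotAfter, Thumbprint -AutoSize

"`nExpired in candidate:"
$new | Where-Object Expired | Format-Table Subject, NotAfter -AutoSize

# Hash to compare against a copy obtained from a second, independent source
Get-FileHash -LiteralPath $Candidate -Algorithm SHA256 | Format-List Algorithm, Hash
```

If copies fetched from two of the sources mentioned above produce the same SHA-256 hash, they are the same file; a mismatch means at least one differs and the "Only in candidate" list shows where.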