• Guest, The rules for the P & N subforum have been updated to prohibit "ad hominem" or personal attacks against other posters. See the full details in the post "Politics and News Rules & Guidelines."

Security certificate problems on multiple projects

Fardringle

Diamond Member
Oct 23, 2000
9,046
617
126

This is affecting multiple projects, and results in an error when trying to upload results to the projects.
Scheduler request failed: Peer certificate cannot be authenticated with given CA certificates
Any computers getting this error need to download the ca-bundle.crt file from Richard Haselgrove's post at that link, back up/rename the current ca-bundle.crt file in C:\Program Files\BOINC and then copy the downloaded file into that same location. Restarting the computer/BOINC is not necessary, but you may need to manually tell the project(s) to update so that they will try to contact the server again.
 

Markfw

CPU Moderator, VC&G Moderator, Elite Member
Super Moderator
May 16, 2002
21,768
10,015
136
The one in that thread is expired. Mine seems good until 2028.
 

VirtualLarry

No Lifer
Aug 25, 2001
52,213
7,045
126
Richard Haselgrove's post at that link
Who is Richard Haselgrove, and why should I be manually downloading CA Certs from someone on the internet, rather than rely on an updated, SIGNED, application update that would bundle them? Seems very insecure to me.
 

Fardringle

Diamond Member
Oct 23, 2000
9,046
617
126
If you don't want to download the file from the BOINC forums, which does fix the problem, you can get the same thing from the SRBase file server...

This was just posted by the SRBase admin:
SRBase: invalid certificate from older BOINC clients
If you are getting an error in your BOINC client log:

Scheduler request failed: Peer certificate cannot be authenticated with give

you must update/replace the ca-bundle.crt from the BOINC client. It looks like the file is outdated. Stop BOINC, replace the file and restart.

I put the file in the download folder for download.

https://srbase.my-firewall.org/sr5/download/ca-bundle.crt
 

StefanR5R

Elite Member
Dec 10, 2016
4,287
4,877
136
why should I be manually downloading CA Certs from someone on the internet, rather than rely on an updated, SIGNED, application update that would bundle them? Seems very insecure to me.
On Linux, the boinc client should use the systemwide installed certificates and they should be up to date.

On Windows, I understand that the boinc client uses its own set of certificates. Unfortunately, an updated client has not been released yet.
(https://boinc.berkeley.edu/download_all.php)
Hence, the best workaround might be to edit ca_bundle.crt to exclude the expired certificate which is highlighted in the berkeley.edu thread which Fardringle pointed to. Or if you have both Linux and Windows computers, copy an up-to-date ca_bundle.crt from Linux to Windows. (I tried neither of these approaches myself.)

Or download the file from one other source which Richard Haselgrove referred to:
post at the BOINC forum
 

Fardringle

Diamond Member
Oct 23, 2000
9,046
617
126
Updating the BOINC client on Windows machines to version 7.16.20 will also fix this problem.
 

ASK THE COMMUNITY