Welcome to MilkyWay@home

Posts by GoodOlClint

1) Message boards : Number crunching : Thread to report issues after server migration (Message 76504)
Posted 3 Nov 2023 by GoodOlClint
Post:
Wow, good catch. That is exactly the issue.

2) Message boards : Number crunching : Thread to report issues after server migration (Message 76502)
Posted 3 Nov 2023 by GoodOlClint
Post:
Yeah, openssl s_client seems to report the full chain, but also reports an error of "Verify return code: 21 (unable to verify the first certificate)".
Reading a bunch of docs about it, they all point to the server not sending the full chain when that error is reported. One blog post said to use the website I linked to check, and sure enough it reports the immediate issuing certificate is not being presented by the server.

3) Message boards : Number crunching : Thread to report issues after server migration (Message 76500)
Posted 2 Nov 2023 by GoodOlClint
Post:
Looks like the issue is the server is not sending the full certificate chain. See this link for details: https://www.ssllabs.com/ssltest/analyze.html?d=milkyway-new.cs.rpi.edu
The server needs to be configured to send the "InCommon RSA Server CA 2" intermediate CA certificate as well.

Looks like there are instructions on how to configure Apache here: https://www.digicert.com/kb/csr-ssl-installation/apache-openssl.htm
You'll need a .crt file containing the entire certificate chain.

4) Message boards : Number crunching : Thread to report issues after server migration (Message 76499)
Posted 2 Nov 2023 by GoodOlClint
Post:
It's definitely certificate related on my Linux Docker.
Running this command on my Mac works, but on my container it returns an error.
curl https://milkyway-new.cs.rpi.edu/milkyway/get_project_config.php -v

Results on Docker:
root@84d5ad767049:/tmp/certs# curl https://milkyway.cs.rpi.edu/milkyway/get_project_config.php -v
*   Trying 128.113.126.54:443...
* Connected to milkyway.cs.rpi.edu (128.113.126.54) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS header, Finished (20):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (OUT), TLS header, Unknown (21):
* TLSv1.3 (OUT), TLS alert, unknown CA (560):
* SSL certificate problem: unable to get local issuer certificate
* Closing connection 0
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.


The root CA is in my ca-certificates.crt file, so I am not sure what is going on yet.
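
Added example (not part of the original posts): the situation in the posts above, where the root CA is in the client's trust store but verification still fails, reproduced offline with a constructed root -> intermediate -> leaf chain. All certificate and file names are made up for the example, and it assumes the openssl command-line tool is installed.

```bash
#!/usr/bin/env bash
# Constructed lab PKI (all names made up): root -> intermediate -> leaf.
# The client trusts only the root, as with a stock ca-certificates bundle.
set -u
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

build_chain() (
  set -e; cd "$WORK"
  # Minimal config so both CA certificates carry basicConstraints CA:TRUE.
  printf '%s\n' '[req]' 'distinguished_name = dn' '[dn]' 'CN = unused' \
    '[v3_ca]' 'basicConstraints = critical,CA:TRUE' \
    'keyUsage = critical,keyCertSign,cRLSign' > ca.cnf
  # Self-signed root: the only certificate placed in the client's trust store.
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -config ca.cnf \
    -extensions v3_ca -subj '/CN=Constructed Root CA' \
    -keyout root.key -out root.crt
  # Intermediate CA, signed by the root.
  openssl req -newkey rsa:2048 -nodes -config ca.cnf \
    -subj '/CN=Constructed Intermediate CA' -keyout int.key -out int.csr
  openssl x509 -req -in int.csr -CA root.crt -CAkey root.key -CAcreateserial \
    -days 2 -extfile ca.cnf -extensions v3_ca -out int.crt
  # Server (leaf) certificate, signed by the intermediate.
  openssl req -newkey rsa:2048 -nodes -config ca.cnf \
    -subj '/CN=server.example' -keyout leaf.key -out leaf.csr
  openssl x509 -req -in leaf.csr -CA int.crt -CAkey int.key -CAcreateserial \
    -days 2 -out leaf.crt
  # What the server presents: leaf only (misconfigured) vs. leaf + intermediate.
  cp leaf.crt sent_leaf_only.pem
  cat leaf.crt int.crt > sent_full_chain.pem
) >/dev/null 2>&1

# Model a client that trusts only the root and receives the certificates in
# file $1 from the server. Prints "OK" or OpenSSL's verification error text.
client_check() {
  if out=$(openssl verify -CAfile "$WORK/root.crt" -untrusted "$WORK/$1" \
      "$WORK/leaf.crt" 2>&1); then
    echo OK
  else
    printf '%s\n' "$out" |
      sed -n 's/^error [0-9]* at [0-9]* depth lookup: *//p' | head -n 1
  fi
}

build_chain
[ $? -eq 0 ] || { echo 'chain build failed' >&2; exit 1; }
echo "server sends leaf only:  $(client_check sent_leaf_only.pem)"
echo "server sends full chain: $(client_check sent_full_chain.pem)"
```

The served certificates are passed with -untrusted because openssl verify only checks the first certificate in the file it is asked to verify, so pointing it at a concatenated chain file would not exercise the intermediate.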




©2024 Astroinformatics Group