OCS Inventory NG Forums

OCS Inventory NG, an OpenSource computer inventory and package deployment system for Windows and Unix

#1 2007-09-19 14:48:13

Exxter
Member
Registered: 2007-09-18
Posts: 13

certificate verify failed

Hello,

I've searched, but nothing helps.

I've installed the latest OCS Inventory NG on a Debian Etch with Apache 1.3.34, MySQL 5.0.32 and Perl 5.8.8. I can log in at http://server/ocsreports and I see all computers. http(s)://server/download is also available. But I think the Agent has a problem with self-signed certs: I can't deploy a package. The status is at first "WAITING NOTIFICATION", and a little bit later "NOTIFIED". But the package will not be installed on the clients. Debug log from a client:

[...]
HTTP SERVER: Getting HTTP Connection to server sup.homelinux.org port 80 using no authentication...OK.
HTTP SERVER: Sending prolog query...Http code (200)...OK
OK.
HTTP SERVER: Receiving prolog response...OK.
DOWNLOAD: Working directory already exists
ERROR: DOWNLOAD: loading CA file and/or directory
ERROR:error:02001002:system library:fopen:No such file or directory
DOWNLOAD: Info file for package 1190035452 is located at : verleinix:443/download
ERROR: DOWNLOAD: SSL: -Error with certificate at depth: 0
ERROR: DOWNLOAD: SSL: issuer   = /C=DE/ST=City/O=Companie/CN=adress.homelinux.org/emailAddress=info@domain.de
ERROR: DOWNLOAD: SSL: subject  = /C=DE/ST=City/O=Companie/CN=adress.homelinux.org/emailAddress=info@domain.de
ERROR: DOWNLOAD: SSL: err 18:self signed certificate
ERROR:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
PROLOG FREQ was set to 24
HTTP SERVER: INV : Inventory requested by server
HTTP SERVER: Closing HTTP connection
Retrieving Device informations...
[...]

I've copied the SSL cert from Apache to the installation folder of the agent, but nothing helps.
How can I stop the agent from trying to verify the cert? Any idea?

Last edited by Exxter (2007-09-19 15:01:10)

#2 2007-09-19 15:09:29

kscholz
Member
Registered: 2007-06-11
Posts: 6

Re: certificate verify failed

Hello,

Have you renamed the certificate in the installation directory of ocsi to "cacert.pem"?
If not, try it. ;-)

#3 2007-09-19 15:35:48

Exxter
Member
Registered: 2007-09-18
Posts: 13

Re: certificate verify failed

Yeah, thanks very much! Now I see a "Success" :)

#4 2007-09-19 15:38:48

kscholz
Member
Registered: 2007-06-11
Posts: 6

Re: certificate verify failed

You are welcome. ;-)

#5 2008-06-17 21:49:03

lalo
Member
Registered: 2008-06-17
Posts: 3

Re: certificate verify failed

I have the exact same error and my file is named cacert.pem... I can't see why it's not working. Can anyone please help me?

#6 2008-08-26 14:18:06

dbx
Member
Registered: 2008-08-26
Posts: 3

Re: certificate verify failed

Me too, I have the same problem. I have already renamed server.crt to cacert.pem and installed the OCS agent with ocspackager. But now I have an error in my @PcAgent.log in the OCS Inventory Agent directory:
HTTP SERVER: Creating CInternetSession to get inventory parameters...OK.
HTTP SERVER: Getting HTTP Connection to server 10.99.6.3 port 80 using no authentication...OK.
HTTP SERVER: Sending prolog query...HTTP status 200 OK
OK.
HTTP SERVER: Receiving prolog response...OK.
DOWNLOAD: Working directory already exists
DOWNLOAD: Package history file cleaning not required
ERROR: DOWNLOAD: loading CA file and/or directory
ERROR:error:02001002:system library:fopen:No such file or directory
DOWNLOAD: Info file for package 1219733544 is located at : 10.99.6.3:443/download
ERROR: DOWNLOAD: SSL: -Error with certificate at depth: 0
ERROR: DOWNLOAD: SSL: issuer   = /C=FR/ST=RUN/L=STD/O=DAF/OU=COGI/CN=10.99.6.3
ERROR: DOWNLOAD: SSL: subject  = /C=FR/ST=RUN/L=STD/O=DAF/OU=COGI/CN=10.99.6.3
ERROR: DOWNLOAD: SSL: err 18:self signed certificate
ERROR:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
PROLOG FREQ was set to 1
HTTP SERVER: Inventory requested by server
HTTP SERVER: Closing HTTP connection

Please, can anyone help me?

#7 2008-11-21 16:05:57

jsylvia007
Member
Registered: 2008-11-21
Posts: 1

Re: certificate verify failed

I'm having the same problem here. This doesn't make any sense. I am using a self-signed certificate... the cacert.pem is located in "C:\Program Files\OCS Inventory Agent".

Is there some issue with Self Signed Certs????

HTTP SERVER: Creating CInternetSession to get inventory parameters...OK.
HTTP SERVER: Getting HTTP Connection to server 10.11.7.60 port 80 using no authentication...OK.
HTTP SERVER: Sending prolog query...Http code (200)...OK
OK.
HTTP SERVER: Receiving prolog response...OK.
DOWNLOAD: Working directory already exists
ERROR: DOWNLOAD: loading CA file and/or directory
ERROR:error:02001002:system library:fopen:No such file or directory
DOWNLOAD: Info file for package 1227030775 is located at : ptiri-admin.portolatech.com:443/download
ERROR: DOWNLOAD: SSL: -Error with certificate at depth: 0
ERROR: DOWNLOAD: SSL: issuer   = XXXXXXXX
ERROR: DOWNLOAD: SSL: subject  = XXXXXXXX
ERROR: DOWNLOAD: SSL: err 18:self signed certificate
ERROR:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
PROLOG FREQ was set to 1
HTTP SERVER: INV : Inventory requested by server
HTTP SERVER: Closing HTTP connection

#8 2009-02-19 21:27:02

adad
Member
Registered: 2009-02-19
Posts: 1

Re: certificate verify failed

Hello,

I am having this problem as well.

cacert.pem is located in "C:\Program Files\OCS Inventory Agent".

server.crt  shows Issued To: ocs.hva.org and Issued By: ocs.hva.org before rename to cacert.pem

OS is OpenSuse 10.2
OCS ver 1.01

HTTP SERVER: Receiving prolog response...OK.
DOWNLOAD: Working directory already exists
DOWNLOAD: Info file for package 1234551003 is located at : ocs.hva.org:443/download
ERROR: DOWNLOAD: SSL: -Error with certificate at depth: 0
ERROR: DOWNLOAD: SSL: issuer   = /C=US/ST=Michigan/L=Ann Arbor/O=Huron Valley Ambulance/CN=ocs.hva.org
ERROR: DOWNLOAD: SSL: subject  = /C=US/ST=Michigan/L=Ann Arbor/O=Huron Valley Ambulance/CN=ocs.hva.org
ERROR: DOWNLOAD: SSL: err 18:self signed certificate
ERROR:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
PROLOG FREQ was set to 1
HTTP SERVER: INV : Inventory requested by server


Thanks in advance!

#9 2009-05-15 14:04:00

tomasucho
Member
From: Poland
Registered: 2008-08-20
Posts: 204

Re: certificate verify failed

>> cacert.pem is located in "C:\Program Files\OCS Inventory Agent".

I can bet that people have enabled the 'hide extension' function and the file is called cacert.pem.crt :]

Regards,

#10 2009-05-20 08:01:48

DerAkai
Member
Registered: 2009-04-24
Posts: 25

Re: certificate verify failed

I disabled 'hide extension'

but the file is still cacert.pem

How do I fix this problem?

#11 2009-05-20 09:25:31

tomasucho
Member
From: Poland
Registered: 2008-08-20
Posts: 204

Re: certificate verify failed

Please follow the documentation: http://wiki.ocsinventory-ng.org/index.p … Teledeploy
Make sure you have correctly generated your certificate. Then copy it once again to the client's folder, set up a new package
and watch the logs.

#12 2009-07-26 07:18:58

kbrault
Member
Registered: 2009-07-22
Posts: 1

Re: certificate verify failed

I am getting the same errors:

When I run <"C:\Program Files\OCS Inventory Agent\OCSInventory.exe" /server:isaz-server.isaz.lan /debug> I get:

DOWNLOAD: Working directory already exists
DOWNLOAD: Package history file cleaning not required
ERROR: DOWNLOAD: loading CA file and/or directory
ERROR:error:02001002:system library:fopen:No such file or directory
DOWNLOAD: Info file for package 1248568521 is located at : isaz-server.isaz.lan:443/download
ERROR: DOWNLOAD: SSL: -Error with certificate at depth: 0
ERROR: DOWNLOAD: SSL: issuer   = /C=--/ST=----/L=Scottsdale, Arizona 85258/O=ISA/OU=ISAZ/CN=isaz-server.isaz.lan/emailAddress=admin@isaz.lan
ERROR: DOWNLOAD: SSL: subject  = /C=--/ST=----/L=Scottsdale, Arizona 85258/O=ISA/OU=ISAZ/CN=isaz-server.isaz.lan/emailAddress=admin@isaz.lan
ERROR: DOWNLOAD: SSL: err 18:self signed certificate
ERROR:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
PROLOG FREQ was set to 24

I checked the "C:\Program Files\OCS Inventory Agent\cacert.pem" file and it matches exactly the "base-64 X.509" certificate export from Internet Explorer. All server configuration parameters (and the certificate) are pointing to the FQDN.

Any suggestions?

Thank you in advance for your help.

Kevin

#13 2009-07-29 16:21:46

tomasucho
Member
From: Poland
Registered: 2008-08-20
Posts: 204

Re: certificate verify failed

I repeat:
1. Generate your certificate once again with a valid CN (the same one you use in service.ini).
Use a script: http://wiki.ocsinventory-ng.org/index.p … rtificates.

2. Check that your cacert.pem does not contain a 'hidden' extension.

--
Tomasz
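
Added example (not part of the thread, and not OCS Inventory code): a small Python triage of the agent debug output quoted in the posts above, together with the hidden-extension check suggested in posts #9 and #13. The sample log, the host name ocs.example.lan, the finding labels and the function names are constructed for illustration.

```python
import re

# Constructed sample, modelled on the agent debug output quoted in this thread.
SAMPLE_LOG = """\
DOWNLOAD: Working directory already exists
ERROR: DOWNLOAD: loading CA file and/or directory
ERROR:error:02001002:system library:fopen:No such file or directory
DOWNLOAD: Info file for package 1234567890 is located at : ocs.example.lan:443/download
ERROR: DOWNLOAD: SSL: -Error with certificate at depth: 0
ERROR: DOWNLOAD: SSL: issuer   = /C=XX/O=Example/CN=ocs.example.lan
ERROR: DOWNLOAD: SSL: subject  = /C=XX/O=Example/CN=ocs.example.lan
ERROR: DOWNLOAD: SSL: err 18:self signed certificate
"""

def triage(log_text):
    """Return a list of findings (hypothetical labels) for one agent debug log."""
    findings = []
    # The agent could not open its CA file at all: a path or file-name problem,
    # independent of what the certificate contains.
    if "loading CA file" in log_text and "fopen:No such file" in log_text:
        findings.append("ca-file-not-opened")
    # The server certificate is self-signed and was not found among trusted CAs.
    if "err 18:self signed certificate" in log_text:
        findings.append("self-signed-not-trusted")
    # Compare the host used for the download with the CN in the certificate subject.
    host = re.search(r"is located at : ([^:\s/]+):\d+/", log_text)
    cn = re.search(r"subject\s*=.*?/CN=([^/\n]+)", log_text)
    if host and cn and host.group(1).lower() != cn.group(1).strip().lower():
        findings.append("cn-mismatch")
    return findings

def hidden_extension_candidates(file_names):
    """Files that look like cacert.pem in Explorer but carry an extra extension."""
    return [n for n in file_names
            if n.lower().startswith("cacert.pem") and n.lower() != "cacert.pem"]

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
    # Constructed directory listing of the agent folder.
    print(hidden_extension_candidates(["OCSInventory.exe", "cacert.pem.crt"]))
```

A log that shows err 18 without the fopen line, as in post #8, yields only the self-signed finding, which points at the certificate content rather than the file name.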
