Hi everyone
We're seeing issues with retrieving the S3's certificate. We are using the S3 in three separate environments, each with two individual SOBRs (one per site) and it seems only one of them is having issues. We get certificate errors one some VM offloads, but most work even in this problematic environment. We get certificate errors when trying to change bucket settings in GUI or via Powershell.
As far as I can tell, everything seems to be working normally when I try to open the https FQDN in browser.
I believe that the networks are routed so there shouldn't be a firewall making issues.
Does anybody have an idea what the culprit could be? We even tried setting a registry key to ignore SSL faults but it seems that doesn't stop it from trying to red the certificate, only from whining if it's a bad one.
The certificate is self-signed, so no authority should be involved either.
We have a case opened for this. 06080428.
-
EWMarco
- Service Provider
- Posts: 39
- Liked: 7 times
- Joined: Feb 20, 2023 9:28 am
- Full Name: Marco Glavas
- Contact:
-
HannesK
- Product Manager
- Posts: 14322
- Liked: 2890 times
- Joined: Sep 01, 2014 11:46 am
- Full Name: Hannes Kasparick
- Location: Austria
- Contact:
Re: Failed to retrieve certificate
Hello,
usually that sounds like CRL issues with firewalls or self-signed certificates. As you said, that there is no firewall, let's see what support finds out.
The reg keys must work. I also use them in a restricted network and with self-signed certificates. Support should check again (I replaced your support contract number with the case number)
Best regards,
Hannes
usually that sounds like CRL issues with firewalls or self-signed certificates. As you said, that there is no firewall, let's see what support finds out.
The reg keys must work. I also use them in a restricted network and with self-signed certificates. Support should check again (I replaced your support contract number with the case number)
Best regards,
Hannes
-
EWMarco
- Service Provider
- Posts: 39
- Liked: 7 times
- Joined: Feb 20, 2023 9:28 am
- Full Name: Marco Glavas
- Contact:
Re: Failed to retrieve certificate
Thanks, I keep copying the wrong number... Don't know why the contract even needs to be displayed in the case but oh well.
Edit: I'm sorry, I don't understand... if the cert was revoked, how can it be that 95% of the offloading works just peachy? Look, we're having a misconfiguration in which the B&R master server is used as gateway. Okay so that would imply that the master server is blocked from contacting the S3. However, I can do so without issue in a browser.
So I don't get it. even if there was a firewall, how would it know to drop the packets in the precise moment the same four VMs are being offloaded?
Edit: I'm sorry, I don't understand... if the cert was revoked, how can it be that 95% of the offloading works just peachy? Look, we're having a misconfiguration in which the B&R master server is used as gateway. Okay so that would imply that the master server is blocked from contacting the S3. However, I can do so without issue in a browser.
So I don't get it. even if there was a firewall, how would it know to drop the packets in the precise moment the same four VMs are being offloaded?
-
HannesK
- Product Manager
- Posts: 14322
- Liked: 2890 times
- Joined: Sep 01, 2014 11:46 am
- Full Name: Hannes Kasparick
- Location: Austria
- Contact:
Re: Failed to retrieve certificate
agree, it sounds odd that some machines work, some not. Let's see what support finds out. It's hard to guess things like that on a forum. V12 is stricter around CRLs than V11 and that's why I also need reg keys in my lab with self-signed certificates
Who is online
Users browsing this forum: No registered users and 13 guests