Certificate Error on Miner Refresh

L1 Bithead

Certificate Error on Miner Refresh

Currently Running MineMeld Version 0.9.40 on Ubuntu 14.04. I am getting the following certificate error. I have tried updating the self-signed cert, restart, ubuntu reboot. with no change.

 

 

L7 Applicator

Re: Certificate Error on Miner Refresh

Are you doing SSL decryption ? The Miner is not able to validate the remote certificate of the ET server.

L1 Bithead

Re: Certificate Error on Miner Refresh

Yes but I tried exempting the MineMeld server from SSL Decryption. I also added the Trusted Root CA to Minemeld.

L7 Applicator

Re: Certificate Error on Miner Refresh

Could you double check that MM is actually exempted from decryption ?
Another option is saving the Trusted CA certificate in /opt/minemeld/local/CA/site/ and then "sudo -u mm-cabundle-update"

L1 Bithead

Re: Certificate Error on Miner Refresh

I will double check in the morning. I will first try to add the Root CA to /opt/minemeld/local/CA/site/ and then "sudo -u mm-cabundle-update"

 

Thank you for the quick reply @lmori

L2 Linker

Re: Certificate Error on Miner Refresh

Hi @lmori,

 

I tried that, but so far it didn't work.

First, shouldn't that be:  sudo -u minemeld mm-cabundle-update  ?

 

Second: 

I exported my forward decryption certificate from my PA in PEM format and created a file 

pa820SubCA.crt 

in

/opt/minemeld/local/CA/site

 

Then I ran:

/opt/minemeld/local/certs$ sudo -u minemeld mm-cabundle-update
2018-03-26T23:14:19 (101237)cacert_merge.main INFO: config: {'cafile': ['/opt/minemeld/local/certs/site/'], 'dst': '/opt/minemeld/local/certs/bundle.crt', 'config': '/opt/minemeld/local/certs/cacert-merge-config.yml', 'no_merge_certifi': False}
WARNING: old python version (< 2.7.9) - certificate verification not performed

 

I'm seeing 

/opt/minemeld/local/certs$ ls -la
total 312
drwxr-xr-x 4 minemeld minemeld 4096 Mar 26 22:50 .
drwxr-xr-x 9 minemeld minemeld 4096 Mar 26 23:00 ..
-rw------- 1 minemeld minemeld 296399 Mar 26 23:14 bundle.crt
drwxr-xr-x 3 minemeld minemeld 4096 Mar 26 22:38 CA
-rw-r--r-- 1 minemeld minemeld 25 Oct 2 14:17 cacert-merge-config.yml
drwxr-xr-x 2 minemeld minemeld 4096 Oct 2 14:18 site

 

I don't see my certificate getting added in bundle.crt

 

Did I miss anything?

 

Regards,

  Andreas

L2 Linker

Re: Certificate Error on Miner Refresh

I got it working now.

 

Changes required:

Trusted CA PEM file needs to be in:

/opt/minemeld/local/certs/site

with the extension .crt

 

Then, after running

sudo -u minemeld mm-cabundle-update

 

you need to restart the engine from the System menu.

 

Now everything looks fine.

 

Regards,

   Andreas 

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!