Certificate Error on Miner Refresh

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Certificate Error on Miner Refresh

L1 Bithead

Currently Running MineMeld Version 0.9.40 on Ubuntu 14.04. I am getting the following certificate error. I have tried updating the self-signed cert, restart, ubuntu reboot. with no change.

 

 

1 accepted solution

Accepted Solutions

I will double check in the morning. I will first try to add the Root CA to /opt/minemeld/local/CA/site/ and then "sudo -u mm-cabundle-update"

 

Thank you for the quick reply @lmori

View solution in original post

6 REPLIES 6

L7 Applicator

Are you doing SSL decryption ? The Miner is not able to validate the remote certificate of the ET server.

Yes but I tried exempting the MineMeld server from SSL Decryption. I also added the Trusted Root CA to Minemeld.

Could you double check that MM is actually exempted from decryption ?
Another option is saving the Trusted CA certificate in /opt/minemeld/local/CA/site/ and then "sudo -u mm-cabundle-update"

I will double check in the morning. I will first try to add the Root CA to /opt/minemeld/local/CA/site/ and then "sudo -u mm-cabundle-update"

 

Thank you for the quick reply @lmori

Hi @lmori,

 

I tried that, but so far it didn't work.

First, shouldn't that be:  sudo -u minemeld mm-cabundle-update  ?

 

Second: 

I exported my forward decryption certificate from my PA in PEM format and created a file 

pa820SubCA.crt 

in

/opt/minemeld/local/CA/site

 

Then I ran:

/opt/minemeld/local/certs$ sudo -u minemeld mm-cabundle-update
2018-03-26T23:14:19 (101237)cacert_merge.main INFO: config: {'cafile': ['/opt/minemeld/local/certs/site/'], 'dst': '/opt/minemeld/local/certs/bundle.crt', 'config': '/opt/minemeld/local/certs/cacert-merge-config.yml', 'no_merge_certifi': False}
WARNING: old python version (< 2.7.9) - certificate verification not performed

 

I'm seeing 

/opt/minemeld/local/certs$ ls -la
total 312
drwxr-xr-x 4 minemeld minemeld 4096 Mar 26 22:50 .
drwxr-xr-x 9 minemeld minemeld 4096 Mar 26 23:00 ..
-rw------- 1 minemeld minemeld 296399 Mar 26 23:14 bundle.crt
drwxr-xr-x 3 minemeld minemeld 4096 Mar 26 22:38 CA
-rw-r--r-- 1 minemeld minemeld 25 Oct 2 14:17 cacert-merge-config.yml
drwxr-xr-x 2 minemeld minemeld 4096 Oct 2 14:18 site

 

I don't see my certificate getting added in bundle.crt

 

Did I miss anything?

 

Regards,

  Andreas

I got it working now.

 

Changes required:

Trusted CA PEM file needs to be in:

/opt/minemeld/local/certs/site

with the extension .crt

 

Then, after running

sudo -u minemeld mm-cabundle-update

 

you need to restart the engine from the System menu.

 

Now everything looks fine.

 

Regards,

   Andreas 

  • 1 accepted solution
  • 8294 Views
  • 6 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!