Jump to content

SSL connection not working with Ubuntu


trx
 Share

Recommended Posts

Hi,

Since a recent PlaticSCM server update, we are not able to connect with our Linux Clients to the self hosted Team Edition Server. All the Windows Clients work perfectly only Linux Clients are affected (tested on multiple machines)

a

cm repository

returns: Error: The remote certificate was rejected by the provided RemoteCertificateValidationCallback.

Log output is:
 

2021-10-01 14:14:38,972 user INFO  Channel - Rejected certificate validation info:
  Sender:
  Certificate:
    SHA1: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
    MD5: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
    Subject: CN=our.domain.name
    Issuer: CN=R3, O=Let's Encrypt, C=US
    Expiration: 11/29/2021 7:44:23 AM
    Version: 3
  Chain:
    Policy:
      Revocation mode: NoCheck
      Revocation flags: ExcludeRoot
      Verification flags: NoFlag
      Verification time: 10/1/2021 2:14:38 PM
  SslPolicyErrors: RemoteCertificateChainErrors

2021-10-01 14:14:38,975 user DEBUG ConnectClientSsl - Connect exception: System.IO.IOException. Message: The authentication or decryption has failed.
2021-10-01 14:14:38,975 user ERROR PlasticPipe - Error happened trying to SSL to ssl://our.domain.name:8088. The authentication or decryption has failed.
2021-10-01 14:14:38,976 user ERROR PlasticPipe - Failed to negotiate remoting SSL with ssl://our.domain.name:8088. Will try starting a TCP connection then switching to SSL
2021-10-01 14:14:38,976 user DEBUG Channel - Purging connection to ssl://our.domain.name:8088
2021-10-01 14:14:38,990 user DEBUG ConnectionCreator - Create connection to ssl://our.domain.name:8088 took 13 ms

seems like a certficiate ChainError, but it worked till the recent update.

 

Thanks

Fabian

Link to comment
Share on other sites

Hi,

Could you check if the following helps:

1.  Edit the following file:

/etc/ssl/openssl.cnf


2. First line of the file add:

openssl_conf=default_conf

At the end of the file add:

[default_conf]
ssl_conf = ssl_sect

[ssl_sect]
system_default = system_default_sect

[system_default_sect]
MinProtocol = TLSv1
CipherString = DEFAULT@SECLEVEL=1

3. Restart the Plastic SCM server.

Regards,

Carlos.

Link to comment
Share on other sites

Unfortunately it didn't fix my problem.

 

We use currently an let's Encrypt certificate that will be updated regularly. The issue started probably since the last update, but unfortunately we also updated the PlasticSCM server in that go

 

Thanks

 

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...