[9.191][ANSWERED] System Messages log complains about SSL certificate with afraid.org

I'm using Afraid.org as a Dynamic DNS provider.  Since recently, the attempts of the system to connect to Afraid.org to update the local WAN IP address fails with the details in the log below.

Is this a bug, or, should I create an exception for it to work in the web filter?

This was previously working...

2014:01:07-15:40:01 utm-work /usr/sbin/cron[8391]: (root) CMD (   /usr/local/bin/reporter/system-reporter.pl)
2014:01:07-15:40:01 utm-work /usr/sbin/cron[8392]: (root) CMD (/var/mdw/scripts/pmx-blocklist-update)
2014:01:07-15:40:01 utm-work /usr/sbin/cron[8393]: (httpproxy) CMD (/var/chroot-http/usr/bin/virus_sample_uploader -p /var/chroot-http)
2014:01:07-15:41:04 utm-work ddclient[5613]: WARNING:  file /var/cache/ddclient/ddclient.cache, line 3: Invalid Value for keyword 'ip' = ''
2014:01:07-15:41:06 utm-work ddclient[5613]: WARNING:  cannot connect to freedns.afraid.org:443 socket: IO::Socket::SSL: SSL connect attempt failed with unknown error error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed IO::Socket::INET6 configuration failed SSL connect attempt failed with unknown error error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
2014:01:07-15:41:06 utm-work ddclient[5613]: FAILED:   updating utm-work.mooo.com: Could not connect to http://freedns.afraid.org/api/?action=getdyndns&sha=bcb4bbe3ab36efebf686f11a49da912ae05cd863 for site list.

Parents

0 trollvottel over 11 years ago
Please report what the following returns when executed at your UTM system:

openssl s_client -connect freedns.afraid.org:443 -showcerts -CApath /etc/ssl/certs

For me it returns code 0 (ok)
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 AzRoN over 11 years ago in reply to trollvottel
Please report what the following returns when executed at your UTM system:

openssl s_client -connect freedns.afraid.org:443 -showcerts -CApath /etc/ssl/certs

For me it returns code 0 (ok)

For me, this was the first few lines of output.

utm-work:/root # openssl s_client -connect freedns.afraid.org:443 -showcerts -CApath /etc/ssl/certs
CONNECTED(00000003)
depth=4 C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust External CA Root
verify error:num=19:self signed certificate in certificate chain
verify return:0

However, i'm still getting the error in the logs.

I've yet to reboot or restart any services given the production nature of this device.

Interestingly enough, I am NOT using IPv6 in any capacity, I merely had IPv6 turned on for a brief period to explore a potential configuration and adoption of IPv6. However, that project was halted, all IPv6 support is currently Disabled according to WebAdmin and cc.
==

When in doubt, Script it out.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Reply

0 AzRoN over 11 years ago in reply to trollvottel
Please report what the following returns when executed at your UTM system:

openssl s_client -connect freedns.afraid.org:443 -showcerts -CApath /etc/ssl/certs

For me it returns code 0 (ok)

For me, this was the first few lines of output.

utm-work:/root # openssl s_client -connect freedns.afraid.org:443 -showcerts -CApath /etc/ssl/certs
CONNECTED(00000003)
depth=4 C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust External CA Root
verify error:num=19:self signed certificate in certificate chain
verify return:0

However, i'm still getting the error in the logs.

I've yet to reboot or restart any services given the production nature of this device.

Interestingly enough, I am NOT using IPv6 in any capacity, I merely had IPv6 turned on for a brief period to explore a potential configuration and adoption of IPv6. However, that project was halted, all IPv6 support is currently Disabled according to WebAdmin and cc.
==

When in doubt, Script it out.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Children

No Data