Problem swapping in :: sslv3 alert certificate expired :: Failed to start event system

Apr 10, 2020, 5:32:38 PM
to emulab-admins
Hello everyone,
We've got a user trying to swap in a few different experiments and they've all failed. I have some daily experiments that swap in as tests; these have also been failing since March 15th (our Emulab isn't getting a lot of use right now). We have had only 3 successful swap-ins since March 15th, and all of them fail with these messages in the log:

TIMESTAMP: 16:10:22:624345 eventsys_control started
Checking for feature NewEventScheduler.
/usr/testbed/sbin/event-sched -d -s localhost -k /proj/emulab-ops/exp/Maintenance3/tbdata/eventkey emulab-ops Maintenance3
Beginning call to experiment.metadata
Error occured: Unable to transport XML to server and get XML response back. libcurl failed to execute the HTTP POST transaction, explaining: error:14094415:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate expired
could not get experiment metadata
Finished with call to experiment.metadata
*** eventsys.proxy:
Failed to start event system for emulab-ops/Maintenance3: 1345 0!
*** ERROR: tbswap: Failed to start the event system.
Cleaning up after errors.
Stopping the event system

It would seem that we have an expired certificate someplace, but I'm not exactly sure which one. I've checked the group here, and there are similar situations, but nothing recent that matches well, and things have changed since some of the answers. That being said, we are 4 years out of date..... version:

root@boss:/usr/testbed # testbed-version
buildinfo: 04/07/2016
commithash: 82a3cbbdfbf9a436f808d0013f63eb076d1b4690
dbrev: 4.497
install: 5.46
needreboot: 0
OS Version: FreeBSD 10.0-RELEASE-p18
Perl Version: 5.014004

I thought the expiration of the cert would match the install date, but it doesn't (install date of 4/7 and today being 4/10); I thought this looked to be coincidental, but the swap-in failures started March 15th....

So I have a few questions:
1. Is there an easy way to update the certs (without doing a full update that I need)? Should I do this:

2. I should update to the latest; I assume that will reset the certs. Since I'm so far out of date, what instructions should I follow? Do I have to do it in 2+ steps? Do you have a URL with instructions that I should follow? Do I also have to upgrade the OS?


Leigh Stoller

Apr 10, 2020, 5:39:22 PM
at 2:32 PM, burnettb317 wrote:

> It would seem that we have an expired certificate someplace.

Hi. Most likely it is /users/XXX/.ssl/emulab.pem (where XXX is the user that
started the experiment). Or, it is boss:/usr/testbed/etc/emulab.pem

Once we know which one, we can tell you how to proceed.
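
Added example, not part of the original thread or of the Emulab code: a small script that uses `openssl x509 -checkend` to report which of the PEM files named above has expired. It goes one step further than the thread and also flags certificates that are close to expiry. The function names, the 30-day `WARN_SECS` window and the script name `certcheck.sh` are assumptions; only the certificate paths come from the thread.

```shell
#!/bin/sh
# Added example: classify PEM certificates as EXPIRED, EXPIRING, OK or UNREADABLE.
# Function names and WARN_SECS are assumptions, not Emulab settings.

WARN_SECS=${WARN_SECS:-2592000}   # flag certs with fewer than 30 days left

# cert_status FILE [SECONDS] -> prints one status word
cert_status() {
    file=$1
    window=${2:-$WARN_SECS}
    # "-checkend N" exits non-zero when the cert expires within N seconds.
    if ! openssl x509 -in "$file" -noout >/dev/null 2>&1; then
        echo UNREADABLE          # missing file or no certificate block in it
    elif ! openssl x509 -in "$file" -noout -checkend 0 >/dev/null 2>&1; then
        echo EXPIRED
    elif ! openssl x509 -in "$file" -noout -checkend "$window" >/dev/null 2>&1; then
        echo EXPIRING
    else
        echo OK
    fi
}

# scan_certs FILE... -> one "STATUS <tab> notAfter=... <tab> FILE" line per file
scan_certs() {
    for f in "$@"; do
        [ -e "$f" ] || continue  # skip unmatched globs and missing files
        end=$(openssl x509 -in "$f" -noout -enddate 2>/dev/null) || end='notAfter=?'
        printf '%s\t%s\t%s\n' "$(cert_status "$f")" "$end" "$f"
    done
}

# make_sample_cert FILE: constructed 1-day self-signed cert for trying the
# functions away from boss (also writes a throwaway key to FILE.key).
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=constructed-sample" \
        -keyout "$1.key" -out "$1" >/dev/null 2>&1
}

# On boss, as root:
#   sh certcheck.sh /usr/testbed/etc/emulab.pem /users/*/.ssl/emulab.pem
if [ "$#" -gt 0 ]; then
    scan_certs "$@"
fi
```

Running it on a schedule and alerting on any line that does not start with `OK` catches the expiry before swap-ins start failing.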



Apr 10, 2020, 5:59:13 PM
to emulab-admins
Looks like boss:/usr/testbed/etc/emulab.pem expired 3/14/2020, the other users I check are later 2020 or 2021

Leigh Stoller

Apr 10, 2020, 6:10:54 PM
at 2:59 PM, burnettb317 wrote:

> Looks like boss:/usr/testbed/etc/emulab.pem expired 3/14/2020, the other users I check are later 2020 or 2021

See this:

Note that since you are not federated with us, you do not have to “tell
Utah” or do the part about “getcacerts”



Apr 10, 2020, 6:54:29 PM
to emulab-admins
Thanks, that did it, and I've got 2 successful swaps!

Thanks, Happy Easter!
