Problem swapping in :: sslv3 alert certificate expired :: Failed to start event system

[burnettb317]

Hello everyone,

      We've got a user trying to swap in a few different experiments and they've all failed.  I have some daily experiments that swap in as tests, these have also been failing since March 15th (our emulab isn't getting a lot of use right now).  We have had only 3 successful swap-ins since March 15th, and all of them fail with these messages in the log:

TIMESTAMP: 16:10:22:624345 eventsys_control started

Checking for feature NewEventScheduler.

/usr/testbed/sbin/event-sched -d -s localhost -k /proj/emulab-ops/exp/Maintenance3/tbdata/eventkey emulab-ops Maintenance3

Beginning call to experiment.metadata

Error occured: Unable to transport XML to server and get XML response back. libcurl failed to execute the HTTP POST transaction, explaining: error:14094415:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate expired

could not get experiment metadata

Finished with call to experiment.metadata

*** eventsys.proxy:

Failed to start event system for emulab-ops/Maintenance3: 1345 0!

*** ERROR: tbswap: Failed to start the event system.

Cleaning up after errors.

Stopping the event system

It would seem that we have an expired certificate someplace. but not exactly sure which one, I've checked the group here, and there are similar situations, but nothing recent that matches well, and things have changed since some of the answers.  That being said, we are 4 years out of date.....  version:

root@boss:/usr/testbed # testbed-version

buildinfo: 04/07/2016

commithash: 82a3cbbdfbf9a436f808d0013f63eb076d1b4690

dbrev: 4.497

install: 5.46

needreboot: 0

OS Version: FreeBSD 10.0-RELEASE-p18

Perl Version: 5.014004

I thought the expiration of the cert would match the install date, but it doesn't (install date of 4/7 and today being 4/10) thought this looked to be coincidental, but the swap-in failures started March 15th....

so I have a few questions:

1. Is there an easy way to update the certs (without doing a full update that I need), should I do this: groups.google.com/d/msg/emulab-admins/W5WPWScYOw4/hSOcxhvpUN8J

2. I should update to the latest, I assume that will reset the certs, since I'm so far out if date what instructions should I follow, do I have to do it in 2+ steps?  Do you have a URL with instructions that I should follow?  Do I also have to upgrade the OS? 

Thanks,

--Ben

[Leigh Stoller]

at 2:32 PM, burnettb317 <burne...@gmail.com> wrote:

> It would seem that we have an expired certificate someplace.

Hi. Most likely it is /users/XXX/.ssl/emulab.pem (where XXX is the user that
started the experiment). Or, it is boss:/usr/testbed/etc/emulab.pem

Once we know which one, we can tell you how to proceed.

Leigh

[burnettb317]

Looks like boss:/usr/testbed/etc/emulab.pem expired 3/14/2020, the other users I check are later 2020 or 2021

[Leigh Stoller]

at 2:59 PM, burnettb317 <burne...@gmail.com> wrote:

> Looks like boss:/usr/testbed/etc/emulab.pem expired 3/14/2020, the other users I check are later 2020 or 2021

See this: https://groups.google.com/d/msg/emulab-admins/BoRDL54hM1Q/XMY3XNSyBAAJ

Note that since you are not federated with us, you do not have to “tell
Utah” or do the part about “getcacerts”

Leigh

[burnettb317]

Thanks, That did it, and I've got 2 successful swaps!

Thanks, Happy Easter!

-Ben