Invalid Certificate

X

xminer

Guest
Can anyone help shed light on this error... this happened after adding a node to the cluster. I can access the master, but when I try to pull up the gui for the node firefox displays this. And Google Chrome just spins its wheels and times out... So I gather there a problem with the certificate any one know how to resolve it? Master is fine, error comes up on the slave node.

---
You have received an invalid certificate. Please contact the server administrator or email correspondent and give them the following information:

Your certificate contains the same serial number as another certificate issued by the certificate authority. Please get a new certificate containing a unique serial number.

(Error code: sec_error_reused_issuer_and_serial)
---

Both master and slave are:
pveversion -v
pve-manager: 1.9-26 (pve-manager/1.9/6567)
running kernel: 2.6.32-6-pve
proxmox-ve-2.6.32: 1.9-55+ovzfix-1
pve-kernel-2.6.32-6-pve: 2.6.32-55+ovzfix-1
qemu-server: 1.1-32
pve-firmware: 1.0-14
libpve-storage-perl: 1.0-19
vncterm: 0.9-2
vzctl: 3.0.29-3pve1
vzdump: 1.2-16
vzprocps: 2.0.11-2
vzquota: 3.0.11-1
pve-qemu-kvm: 0.15.0-2
ksm-control-daemon: 1.0-6


Cheers!
 
Last edited by a moderator:
Looks like the two nodes somehow have identical serial numbers... by deleting 'cert8.db' in the Firefox Profile folder I am able to pull up the salve node, but now, of course, I am getting the same error on the master. This doesn't seam right, shouldn't that cert be generated during install and have a random serial? These nodes were deployed and install months apart... how could they end up with the same serial number? or I am missing the real issue altogether?

Any help appreciated.
 
Hi,

I got the same problem and this is how I fixed it :

From the cluster node :

# create a new certificate with a new serial number
pvecert --force
# restart apache (because apparently it keeps the certificate in its cache)
/etc/init.d/apache2 restart

In Firefox, I then removed all the existing certificates related to both the cluster master and the cluster node.

Cheers,
Hakim
 
Last edited:
Thank you, that worked perfectly. I also had to again delete 'cert8.db' in Firefox before it woke up. But the fix took immediate affect in any browser without the certs cached.
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back