Certificate error in Linux BOINC


StarCastle

Joined: 21 Jan 14
Posts: 12
Credit: 4,767,321
RAC: 648
Message 9170 - Posted: 26 Sep 2025, 11:58:33 UTC - in response to Message 9168.  
I installed this workaround on my Debian 12 machines and it works. Does not work on Debian 10 machines however.

Anyone have any suggestions on why this is happening?
ID: 9170
Paul
Joined: 17 Nov 15
Posts: 19
Credit: 152,712
RAC: 572
Message 9171 - Posted: 26 Sep 2025, 14:37:20 UTC - in response to Message 9170.  
What response do you see to the command below? Mine is in a previous post in this thread.
openssl s_client -showcerts -connect asteroidsathome.net:443
Paul.
ID: 9171
Dark Angel
Joined: 11 Apr 18
Posts: 33
Credit: 13,607,134
RAC: 5,984
Message 9175 - Posted: 26 Sep 2025, 20:19:01 UTC - in response to Message 9170.  
> I installed this workaround on my Debian 12 machines and it works. Does not work on Debian 10 machines however.
>
> Anyone have any suggestions on why this is happening?


The system administrator hasn't updated the certificate on the boinc server, only the forum server.

They didn't finish the job.
ID: 9175
StarCastle
Joined: 21 Jan 14
Posts: 12
Credit: 4,767,321
RAC: 648
Message 9183 - Posted: 27 Sep 2025, 12:18:06 UTC - in response to Message 9171.  
The output is very long but something did stand out on the Debian 10 system:

verify error:num=2:unable to get issuer certificate

On Debian 12 using the same cert setup steps I get:

Verify return code: 0 (ok)

Something is clearly wrong but not sure where to look.
ID: 9183
Paul
Joined: 17 Nov 15
Posts: 19
Credit: 152,712
RAC: 572
Message 9184 - Posted: 27 Sep 2025, 13:54:52 UTC - in response to Message 9183.  
Compare the first few lines showing the chain, mine from previous post linked below.
Should be root, intermediate (just added), then A@H.
https://asteroidsathome.net/boinc/forum_thread.php?id=1154&postid=9138
Paul.
ID: 9184
Keith Myers
Joined: 16 Nov 22
Posts: 178
Credit: 189,369,021
RAC: 36,190
Message 9190 - Posted: 27 Sep 2025, 21:23:11 UTC - in response to Message 9175.  


> The system administrator hasn't updated the certificate on the boinc server, only the forum server.
>
> They didn't finish the job.

There is only ONE server here at Asteroids. It runs ALL processes on the Supermicro X11SW-TF (1 x Intel Xeon Silver 4214 2.20 GHz, 256 (4 x 64) GB RAM, 8 x 2TB HDD SAS 10K rpm (RAID6) OS Debian Jessie) server.

The reason that browsers work is because it uses a different protocol that manages comms with the primary certificate compared to the client needing to use different protocols provided by the intermediate certificate which is not installed into the server yet.

A proud member of the OFA (Old Farts Association)
ID: 9190
StarCastle
Joined: 21 Jan 14
Posts: 12
Credit: 4,767,321
RAC: 648
Message 9193 - Posted: 27 Sep 2025, 21:33:54 UTC - in response to Message 9184.  
These are the lines I get:
CONNECTED(00000003)
depth=1 C = GR, O = Hellenic Academic and Research Institutions CA, CN = GEANT TLS RSA 1
verify error:num=2:unable to get issuer certificate
issuer= C = GR, O = Hellenic Academic and Research Institutions CA, CN = HARICA TLS RSA Root CA 2021
verify return:1
depth=0 C = CZ, ST = Hlavn\C3\AD m\C4\9Bsto Praha, L = Praha 1, O = Univerzita Karlova, CN = www.asteroidsathome.net
issuer= C = GR, O = Hellenic Academic and Research Institutions CA, CN = GEANT TLS RSA 1
verify return:1

The first 2 lines are reversed which I am going to guess causes the issue with the root not being the first line.

The instructions I used are from the thread which worked on Debian 12.

I have tried update-ca-certificates, dpkg-reconfigure previously.

I have a number of tasks waiting to upload so would like to try to fix this rather than losing them with an upgrade to 12.
ID: 9193 · Rating: 0 · rate: Rate + / Rate - Report as offensive     Reply Quote
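
An added example, not part of any post in this thread: a small parser for the `openssl s_client` verify lines quoted in Message 9193, reporting which CA certificate the client could not find. The function names are hypothetical, and the meanings given to codes 2 and 20 follow OpenSSL's verify documentation.

```python
import re

# s_client verify-callback lines quoted in Message 9193 (Debian 10 client).
SAMPLE = r"""
CONNECTED(00000003)
depth=1 C = GR, O = Hellenic Academic and Research Institutions CA, CN = GEANT TLS RSA 1
verify error:num=2:unable to get issuer certificate
issuer= C = GR, O = Hellenic Academic and Research Institutions CA, CN = HARICA TLS RSA Root CA 2021
verify return:1
depth=0 C = CZ, ST = Hlavn\C3\AD m\C4\9Bsto Praha, L = Praha 1, O = Univerzita Karlova, CN = www.asteroidsathome.net
issuer= C = GR, O = Hellenic Academic and Research Institutions CA, CN = GEANT TLS RSA 1
verify return:1
"""

# OpenSSL X509_V_ERR_* codes that mean "a CA certificate is missing".
MISSING_ISSUER = {
    2: "issuer of a locally looked-up certificate is not in the trust store",
    20: "issuer of a certificate sent by the server was not found",
}

def common_name(dn):
    """Trailing CN component of an s_client one-line distinguished name."""
    m = re.search(r"CN\s*=\s*([^,]+)\s*$", dn)
    return m.group(1).strip() if m else dn.strip()

def parse_verify_log(text):
    """One record per depth= line: depth, subject CN, issuer CN, error codes."""
    certs = []
    for line in map(str.strip, text.splitlines()):
        if m := re.match(r"depth=(\d+)\s+(.+)", line):
            certs.append({"depth": int(m.group(1)), "subject": common_name(m.group(2)),
                          "issuer": None, "errors": []})
        elif certs and (m := re.match(r"verify error:num=(\d+):", line)):
            certs[-1]["errors"].append(int(m.group(1)))
        elif certs and (m := re.match(r"issuer=\s*(.+)", line)):
            certs[-1]["issuer"] = common_name(m.group(1))
    return certs

def missing_cas(certs):
    """(depth, subject, missing issuer CN, reason) for each missing-issuer error."""
    return [(c["depth"], c["subject"], c["issuer"], MISSING_ISSUER[e])
            for c in certs for e in c["errors"] if e in MISSING_ISSUER]

if __name__ == "__main__":
    for depth, subject, issuer, reason in missing_cas(parse_verify_log(SAMPLE)):
        print(f"depth {depth} ({subject}): need '{issuer}' - {reason}")
```

On a live system, feed it the combined stdout and stderr of the `openssl s_client` command quoted earlier in the thread.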
Keith Myers
Joined: 16 Nov 22
Posts: 178
Credit: 189,369,021
RAC: 36,190
Message 9195 - Posted: 27 Sep 2025, 23:32:59 UTC - in response to Message 9193.  

Last modified: 27 Sep 2025, 23:34:39 UTC
Check for a double entry in the dpkg-reconfigure app list. Remove a duplicate GEANT TLS RSA 1

A proud member of the OFA (Old Farts Association)
ID: 9195
Skip Da Shu
Joined: 6 Mar 23
Posts: 4
Credit: 8,033,814
RAC: 13,256
Message 9211 - Posted: 29 Sep 2025, 12:16:04 UTC - in response to Message 9168.  
I'm a bit late to the party but can also confirm it works on Mint 22.1

Initially I tried removing and adding the project, which obviously failed. Managed to add it a few seconds after finishing the above steps. Thanks!
Ditto for Mint 22.1 and 22.2.
ID: 9211
Dark Angel
Joined: 11 Apr 18
Posts: 33
Credit: 13,607,134
RAC: 5,984
Message 9214 - Posted: 29 Sep 2025, 20:30:01 UTC - in response to Message 9190.  


>> The system administrator hasn't updated the certificate on the boinc server, only the forum server.
>>
>> They didn't finish the job.
>
> There is only ONE server here at Asteroids. It runs ALL processes on the Supermicro X11SW-TF (1 x Intel Xeon Silver 4214 2.20 GHz, 256 (4 x 64) GB RAM, 8 x 2TB HDD SAS 10K rpm (RAID6) OS Debian Jessie) server.
>
> The reason that browsers work is because it uses a different protocol that manages comms with the primary certificate compared to the client needing to use different protocols provided by the intermediate certificate which is not installed into the server yet.



Really doesn't change the crux of what I said now does it. The certificate that is required has not been installed, the upgrade job is not finished, and the admin walked off. If this was a commercial server the sysadmin would be talking very quickly to try and save their job.
ID: 9214
Ian&Steve C.
Volunteer developer
Volunteer tester
Joined: 23 Apr 21
Posts: 125
Credit: 125,194,705
RAC: 25,437
Message 9216 - Posted: 29 Sep 2025, 21:19:47 UTC
This issue should now be fixed. The admin finally fixed the server-side certificate.

ID: 9216
hugo75
Joined: 27 Apr 21
Posts: 2
Credit: 370,774
RAC: 1,985
Message 9218 - Posted: 29 Sep 2025, 21:47:37 UTC - in response to Message 9216.  
I can confirm the issue is now resolved for my Linux client; however, my Android devices are still unable to connect. Is there something still unresolved with the server side certs, or will this require a manual fix on the Android device end?
ID: 9218
Ian&Steve C.
Volunteer developer
Volunteer tester
Joined: 23 Apr 21
Posts: 125
Credit: 125,194,705
RAC: 25,437
Message 9219 - Posted: 29 Sep 2025, 21:53:32 UTC - in response to Message 9218.  
It's been reported to me that you need a newer BOINC client. 8.2.5 works. Older ones may not.

It may be that the Android client uses certificates bundled with BOINC, but I'm not sure about that specifically. But it's the only reason I can think of that the newer client works while older ones don't.

ID: 9219
hugo75
Joined: 27 Apr 21
Posts: 2
Credit: 370,774
RAC: 1,985
Message 9220 - Posted: 29 Sep 2025, 22:39:30 UTC - in response to Message 9219.  
Confirmed, updating from 8.0.2 to 8.2.5 fixed it on one of my Android devices.

Not sure if that's an option for my Amazon Fire tablet, as the BOINC download page suggests installing from the Amazon Appstore. That's a much earlier version (7.16.16) released in 2013 and is obviously no longer being updated.

I'll try installing the standard Android client and see if that works...
ID: 9220
Conan
Joined: 19 Jun 12
Posts: 36
Credit: 6,118,902
RAC: 2,962
Message 9221 - Posted: 29 Sep 2025, 22:59:46 UTC

Last modified: 29 Sep 2025, 23:42:25 UTC
On my Fedora Linux computers 7.20.2 works but 7.17.0 does not.

Still says certificate problem.

Can't easily change the older version as it uses the Berkeley SH install setup and this is not updated anymore, those computers also use an older version of Fedora.

The one working has a newer Fedora version and I was forced to use the distribution install as I could not get the Berkeley installed version to work as I could not find the widget dependencies and after 2 days gave up.

So my push to get Asteroids to 10 Million + points is stalling before it gets going.
Well back to Gaia when it starts again.

Conan
ID: 9221
Dr Who Fan
Joined: 12 Sep 14
Posts: 41
Credit: 419,135
RAC: 166
Message 9223 - Posted: 30 Sep 2025, 1:30:24 UTC - in response to Message 9220.  
For the latest ANDROID BOINC VERSION 8.2.5 you need to download the APK (app file) directly from Berkeley and do a side load/manual install.

Android Version 8.2.5 Development version
ID: 9223
UBT - wbiz
Joined: 19 Apr 21
Posts: 3
Credit: 1,869,112
RAC: 2,515
Message 9224 - Posted: 30 Sep 2025, 4:15:14 UTC
Boinc 7.20.5 works on Debian 12 (Bookworm)
Boinc 7.16.16 doesn't work on Debian 11 (Bullseye)
ID: 9224
StarCastle
Joined: 21 Jan 14
Posts: 12
Credit: 4,767,321
RAC: 648
Message 9235 - Posted: 1 Oct 2025, 21:32:53 UTC - in response to Message 9224.  
There is a fix in the Problems and bug reports that worked for me (Debian 10).
ID: 9235