Security Update Failing on Cert Update
-
- Posts: 36
- Joined: Mon May 25, 2020 3:52 pm
- Location: Fort Collins, CO
- Has thanked: 2 times
- Been thanked: 7 times
- Contact:
Security Update Failing on Cert Update
When I run the 'update security' script, I get an error message saying:
mv: cannot move '/etc/ssl/certs/cert.pem' to '/etc/ssl/certs/<!DOCTYPE HTML PUBLIC" -//IETC/DTD HTML 2.0//EN">.pem': no such file or directory.
obviously, I could create that directory, but I have a nagging suspicion that's not the actual name of the directory it's supposed to be copying stuff into.
After that failure, it says, 'CA certificates have been successfully fixed.', but if I run the security update script again, it again tells me my certs need to be fixed and just goes through the same process with the error message.
Any thoughts?
mv: cannot move '/etc/ssl/certs/cert.pem' to '/etc/ssl/certs/<!DOCTYPE HTML PUBLIC" -//IETC/DTD HTML 2.0//EN">.pem': no such file or directory.
obviously, I could create that directory, but I have a nagging suspicion that's not the actual name of the directory it's supposed to be copying stuff into.
After that failure, it says, 'CA certificates have been successfully fixed.', but if I run the security update script again, it again tells me my certs need to be fixed and just goes through the same process with the error message.
Any thoughts?
- aberu
- Core Developer
- Posts: 1192
- Joined: Tue Jun 09, 2020 8:34 pm
- Location: Longmont, CO
- Has thanked: 247 times
- Been thanked: 411 times
- Contact:
Re: Security Update Failing on Cert Update
The problem is because whatever variable is plugging in `<!DOCTYPE HTML PUBLIC" -//IETC/DTD HTML 2.0//EN">` must be messed up. It looks like the parts that are supposed to echo sections into the cert itself or another file are just being passed into the filename.
birdybro~
-
- Posts: 36
- Joined: Mon May 25, 2020 3:52 pm
- Location: Fort Collins, CO
- Has thanked: 2 times
- Been thanked: 7 times
- Contact:
Re: Security Update Failing on Cert Update
Gotcha. I'll try to find the script on the file system and dissect it to see where it's falling apart.
-
- Posts: 36
- Joined: Mon May 25, 2020 3:52 pm
- Location: Fort Collins, CO
- Has thanked: 2 times
- Been thanked: 7 times
- Contact:
Re: Security Update Failing on Cert Update
Found it. The url to grab the certs has changed from https://curl.haxx.se/ca/cacert.pem to https://curl.se/ca/cacert.pem
Fixed the url and the certs updated without any issues.
Fixed the url and the certs updated without any issues.
- aberu
- Core Developer
- Posts: 1192
- Joined: Tue Jun 09, 2020 8:34 pm
- Location: Longmont, CO
- Has thanked: 247 times
- Been thanked: 411 times
- Contact:
Re: Security Update Failing on Cert Update
Ah, great job! You should submit a pull request on github for the script with the fix you included.
https://github.com/MiSTer-devel/Scripts ... y_fixes.sh
https://github.com/MiSTer-devel/Scripts ... y_fixes.sh
birdybro~
-
- Core Developer
- Posts: 51
- Joined: Mon May 25, 2020 9:55 am
- Has thanked: 1 time
- Been thanked: 8 times
Re: Security Update Failing on Cert Update
I just tested https://curl.haxx.se/ca/cacert.pem and it seems to work?
Maybe a temporary issue?
Regards.
Locutus73
Maybe a temporary issue?
Regards.
Locutus73
- kfreiberg
- Posts: 52
- Joined: Thu Sep 03, 2020 4:34 pm
- Location: Hoth (AKA Wisconsin)
- Has thanked: 7 times
- Been thanked: 7 times
Re: Security Update Failing on Cert Update
That sounds like a borg plot to me!Locutus73 wrote: ↑Tue Feb 02, 2021 11:09 am I just tested https://curl.haxx.se/ca/cacert.pem and it seems to work?
Maybe a temporary issue?
Regards.
Locutus73
- salamantecas
- Posts: 108
- Joined: Sat Feb 26, 2022 8:31 pm
- Has thanked: 110 times
- Been thanked: 14 times
Re: Security Update Failing on Cert Update
hello, it gives me a strange error recently and it tells me that I do not have the cert.perm in the /etc/ssl/certs/cacert.perm folder
If I try to copy it, it tells me an error because the destination is read-only and there is no way to insert it, instead I have a folder full of files with a pem extension. I didn't do anything weird just run update all from time to time until one day it gave a certificate error, I've run security_fixes but it doesn't solve the problem either
Do you know any ssh command that can make me download the cacert.perm to the correct path directly from the mister. I'm not fluent in linux, thanks in advance and I hope I've explained myself since the translator sometimes doesn't execute the translation correctly
If I try to copy it, it tells me an error because the destination is read-only and there is no way to insert it, instead I have a folder full of files with a pem extension. I didn't do anything weird just run update all from time to time until one day it gave a certificate error, I've run security_fixes but it doesn't solve the problem either
Do you know any ssh command that can make me download the cacert.perm to the correct path directly from the mister. I'm not fluent in linux, thanks in advance and I hope I've explained myself since the translator sometimes doesn't execute the translation correctly
- aberu
- Core Developer
- Posts: 1192
- Joined: Tue Jun 09, 2020 8:34 pm
- Location: Longmont, CO
- Has thanked: 247 times
- Been thanked: 411 times
- Contact:
Re: Security Update Failing on Cert Update
Login to the mister over ssh, and then run rm -rf /media/fat/scripts/.configsalamantecas wrote: ↑Mon Jul 11, 2022 2:59 pm hello, it gives me a strange error recently and it tells me that I do not have the cert.perm in the /etc/ssl/certs/cacert.perm folder
If I try to copy it, it tells me an error because the destination is read-only and there is no way to insert it, instead I have a folder full of files with a pem extension. I didn't do anything weird just run update all from time to time until one day it gave a certificate error, I've run security_fixes but it doesn't solve the problem either
Do you know any ssh command that can make me download the cacert.perm to the correct path directly from the mister. I'm not fluent in linux, thanks in advance and I hope I've explained myself since the translator sometimes doesn't execute the translation correctly
Rerun the script, see if that fixes it for ya.
birdybro~
- salamantecas
- Posts: 108
- Joined: Sat Feb 26, 2022 8:31 pm
- Has thanked: 110 times
- Been thanked: 14 times
Re: Security Update Failing on Cert Update
Thanks for the help and response, in my case it has not worked, it just keeps thinking and seems to delete the hidden folder /.configaberu wrote: ↑Mon Jul 11, 2022 4:03 pmLogin to the mister over ssh, and then run rm -rf /media/fat/scripts/.configsalamantecas wrote: ↑Mon Jul 11, 2022 2:59 pm hello, it gives me a strange error recently and it tells me that I do not have the cert.perm in the /etc/ssl/certs/cacert.perm folder
If I try to copy it, it tells me an error because the destination is read-only and there is no way to insert it, instead I have a folder full of files with a pem extension. I didn't do anything weird just run update all from time to time until one day it gave a certificate error, I've run security_fixes but it doesn't solve the problem either
Do you know any ssh command that can make me download the cacert.perm to the correct path directly from the mister. I'm not fluent in linux, thanks in advance and I hope I've explained myself since the translator sometimes doesn't execute the translation correctly
Rerun the script, see if that fixes it for ya.
I think the sd card must have been corrupted, which could already be. I will do a fresh install. Thank you very much for answering
-
- Top Contributor
- Posts: 860
- Joined: Wed Feb 09, 2022 11:50 pm
- Has thanked: 64 times
- Been thanked: 195 times
Re: Security Update Failing on Cert Update
Check to be sure your date and time in the Mister are correct. We had another person with a similar-sounding problem that wasn't getting the clock set by the NTP daemon. You can just look at the main menu header; where it says MiSTer and shows a network and RAM icon, to the right should be the date and time. If it's blank up there, your time is probably not being set correctly.