[1.2.0] Incorrect SSL certificate warning Astraweb

Report & discuss bugs found in SABnzbd
Forum rules
Help us help you:
  • Are you using the latest stable version of SABnzbd? Downloads page.
  • Tell us what system you run SABnzbd on.
  • Adhere to the forum rules.
  • Do you experience problems during downloading?
    Check your connection in Status and Interface settings window.
    Use Test Server in Config > Servers.
    We will probably ask you to do a test using only basic settings.
  • Do you experience problems during repair or unpacking?
    Enable +Debug logging in the Status and Interface settings window and share the relevant parts of the log here using [ code ] sections.
User avatar
safihre
Administrator
Administrator
Posts: 5338
Joined: April 30th, 2015, 7:35 am
Contact:

Re: [1.2.0] Incorrect SSL certificate warning Astraweb

Post by safihre »

Really? That sounds impossible. That certificate is when you use HTTPS to connect to sabnzbd, nothing at all related to newsservers.
If you like our support, check our special newsserver deal or donate at: https://sabnzbd.org/donate
buriedpast
Newbie
Newbie
Posts: 11
Joined: January 24th, 2017, 12:01 pm

Re: [1.2.0] Incorrect SSL certificate warning Astraweb

Post by buriedpast »

Gave that a shot but it didn't work. I believe those options are only if you intend to access the Sabnzbd interface via a HTTPS connection and have no impact on how Sabnzbd accesses a newsserver via HTTPS. Thanks anyway.
Last edited by buriedpast on January 30th, 2017, 7:34 pm, edited 1 time in total.
User avatar
sander
Release Testers
Release Testers
Posts: 8811
Joined: January 22nd, 2008, 2:22 pm

Re: [1.2.0] Incorrect SSL certificate warning Astraweb

Post by sander »

buriedpast wrote:This is a fairly recent clean install of Windows 7 Professional. The only security software installed is Symantec Endpoint Protection.

My best guess is that your Symantec software is causing the problem.

So I would try this: de-install & remove all Symantec software. Note: that is something else than de-activating. Then reboot Windows, and try again.
buriedpast
Newbie
Newbie
Posts: 11
Joined: January 24th, 2017, 12:01 pm

Re: [1.2.0] Incorrect SSL certificate warning Astraweb

Post by buriedpast »

sander - uninstalled the Symantec software and rebooted and (drumroll), no dice. Still shows an invalid certificate. Actually, I expected that result since I've done a bit of testing since my last posts and as suggested by safihre, I believe my problem relates to certificates.

Not to bore people too much, but I have two other Windows 7 Pro machines that I figured I'd test on .. what the heck. And both have Symantec installed. One was another fairly recent install of Windows (less than 6 - 9 months) and when installing Sabnzbd and getting to the wizard section where the newsserver is configured - invalid certificate. The other has been around for closer to 18 months. When installing on that one and reaching the wizard configuration - lo and behold, the certificate is valid! Took a look using certmgr.msc and I see that the successful machine has 43 trusted certificates and 35 3rd party certs versus approximately 24 and 13, respectively, on the other two non-working machines. Leads me to believe there's a certificate or two (or more) that I need installed on the other machine(s).

How hard can that be to fix I say to myself. So, I exported all the certificates from the good install and imported them to the original, non-working certificate machine and ... I really screwed things up! Although Windows boots, Sabnzbd tells me that although encrypted communication will be performed, no certificate validation will be performed unless I have a) Python, b) openSSL or c) valid certificates installed. At least I had a restore point which brought me back to my original state of needing to disable certificate validation. Whew!

I need to educate myself and understand certificate export/import functions a bit more since I believe my solution lies in that arena and obviously, I did something wrong. But a question I have is that when I'm connected to a newsserver with certificate validation disabled, but using their ssl address and port 563 with SSL checked in Sabnzbd, is it correct to assume that my connection is encrypted and protected? And all I'm really losing is the ability to actually validate the server I'm connecting to with Sabnzbd? What's my exposure under that scenario until I'm able to actually fix the problem?

Thanks again everyone - the input is great!
buriedpast
Newbie
Newbie
Posts: 11
Joined: January 24th, 2017, 12:01 pm

Re: [1.2.0] Incorrect SSL certificate warning Astraweb

Post by buriedpast »

OK, for anyone else who might be facing this situation, I've found a "solution"

On the Microsoft forums, there's a post regarding missing certificates in a Windows 7 64-bit installation. See the post at the following link:

Code: Select all

https://answers.microsoft.com/en-us/windows/forum/all/windows-7-64-bit-not-being-offered-kb931125-roots/aae0741d-df61-4a28-aaa3-d77c80929af1
In this post, the Microsoft moderator suggests that as a workaround, you can download the following file and install the updated root certificates.

Code: Select all

http://download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/rootsupd.exe
This finally fixed my situation and I can now access "ssl-us.astraweb.com" with either Default or Strict certificate validation settings. The only thing is that the number of entries listed under Trusted Certificates on my computer has increased from 24 to 360! I may play around and see if I can reduce that number and install just the required certificates at some later date.

How knows? Maybe I hosed myself in that the download wasn't from a secure link, but I figure the moderator is on the up and up.
User avatar
sander
Release Testers
Release Testers
Posts: 8811
Joined: January 22nd, 2008, 2:22 pm

Re: [1.2.0] Incorrect SSL certificate warning Astraweb

Post by sander »

Cool. Well done!
Post Reply