List:       clamav-users
Subject:    Re: [clamav-users] ssl peer certificate or ssh remote key was not ok
From:       Petr_Novák_via_clamav-users <clamav-users () lists ! clamav ! net>
Date:       2023-04-05 6:35:23
Message-ID: CAEOrbfPCBX02tdKM-Fs_an-tuqhPYFV2iKZC9dYVaYQeRKiwSg () mail ! gmail ! com


Hello Micah,

Thank you for your reply.

Unfortunately, when I use the CURL_CA_BUNDLE variable, I get a different
error:
Message: Problem with the SSL CA cert (path? access rights?

Is there something I did wrong when I imported the certificate from my
Windows private mirror?

Thanks!

On Mon, 3 Apr 2023 at 19:57, Micah Snyder (micasnyd) <micasnyd@cisco.com>
wrote:

> I'm not sure this will help, but can you try using the CURL_CA_BUNDLE
> environment variable to see if that helps?
>
> Ex:
>
> CURL_CA_BUNDLE=/usr/local/share/ca-certificates/cert.crt freshclam
>
>
> https://docs.clamav.net/faq/faq-freshclam.html?highlight=curl_#problem-with-the-ssl-ca-cert
>
> Regards,
> Micah
>
> Micah Snyder
> ClamAV Development
> Talos
> Cisco Systems, Inc.
>
> ------------------------------
> *From:* clamav-users <clamav-users-bounces@lists.clamav.net> on behalf of
> Petr Novák via clamav-users <clamav-users@lists.clamav.net>
> *Sent:* Monday, April 3, 2023 7:23 AM
> *To:* clamav-users@lists.clamav.net <clamav-users@lists.clamav.net>
> *Cc:* Petr Novák <larryn13@gmail.com>
> *Subject:* [clamav-users] ssl peer certificate or ssh remote key was not
> ok
>
> Hi guys,
>
> I have an issue with freshclam.
>
> We are setting up freshclam clients (Debian 11) which are downloading
> database via private mirror which is using HTTPS. When I tried to use
> freshclam on my Windows client, it worked, but on my Debian Client, I get
> error message "ssl peer certificate or ssh remote key was not ok".
>
> I imported my private mirror's SSL certificate via this method:
> cp cert.crt /usr/local/share/ca-certificates/
> update-ca-certificates
>
> But even after this, the error still persists.
>
> Is there any way to make this work? I am a beginner in Linux, so I don't
> really know what to do next.
>
> Thanks
>

_______________________________________________

Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat
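
Added example, not part of the thread or of ClamAV: curl reports "Problem with the SSL CA cert (path? access rights?" when the file named in CURL_CA_BUNDLE cannot be read or parsed, and a certificate exported from Windows may be DER (binary) rather than the PEM text that curl and update-ca-certificates expect. The function names and result strings below are hypothetical; run it as the user freshclam runs as so the readability check is meaningful.

```shell
#!/bin/sh
# Added example: classify a file meant to be used as a CA certificate
# (CURL_CA_BUNDLE or /usr/local/share/ca-certificates/*.crt).
# Names and result strings are illustrative, not part of ClamAV or curl.

# classify_ca_file FILE -> prints one of:
#   missing | unreadable | empty | pem | der | unknown
classify_ca_file() {
    f=$1
    [ -e "$f" ] || { echo missing; return 0; }
    [ -r "$f" ] || { echo unreadable; return 0; }
    [ -s "$f" ] || { echo empty; return 0; }
    # PEM: base64 text between BEGIN/END CERTIFICATE armor lines.
    if grep -q -e '-----BEGIN CERTIFICATE-----' "$f" &&
       grep -q -e '-----END CERTIFICATE-----' "$f"; then
        echo pem; return 0
    fi
    # DER: binary ASN.1; a certificate starts with a SEQUENCE tag (0x30).
    first=$(od -An -tx1 -N1 "$f" | tr -d ' \n')
    if [ "$first" = "30" ]; then
        echo der; return 0
    fi
    echo unknown
}

# advise FILE -> prints a one-line next step for the classification.
advise() {
    case $(classify_ca_file "$1") in
        missing)    echo "path is wrong: file does not exist" ;;
        unreadable) echo "fix permissions so the freshclam user can read it" ;;
        empty)      echo "file is empty: re-export the certificate" ;;
        der)        echo "convert to PEM: openssl x509 -inform DER -in FILE -out FILE.crt" ;;
        pem)        echo "format ok: check it is the CA that issued the mirror's certificate" ;;
        *)          echo "not a certificate file: re-export as Base-64 encoded X.509" ;;
    esac
}

# Example: advise /usr/local/share/ca-certificates/cert.crt
```

A "pem" result rules out the path, permission and encoding causes; the remaining question is whether the file is the right trust anchor for the mirror's certificate chain.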

