• Recent blogs

    SMT : ERROR: Peer certificate cannot be authenticated with known CA certificates: (60)

    SMT : ERROR: Peer certificate cannot be authenticated with known CA certificates: (60)

    You'll get this error while registering a client with SMT server. The cause of this error could be one of the below.

    1. The CA has been expired.
    2. Server Certificate has been expired.
    3. The time sync issue with Server.

    In My case it was an issue with "Server Certificate has been expired". I'll take you through the troubleshooting steps.

    1. Check the CA expiry date.

    openssl x509 -in smt.crt -text

    You'll see a "Not after" column in the given command output. If the date has been passed you need to recreate the CA otherwise you are good to go.

    2. For Server Certificate validity check :

    Yast --> Security and Users --> Common Server Certificate

    3. Now we need recreate the Server Certificate.
    Select the CA in the YaST2 CA management module.
    Press "Enter CA".
    Enter the CA password.
    Select the Certificates tab.
    Click on "Add" and choose Server Certificate.
    Provide the requested data:
    For Common Name put in the FQDN of the server.
    Add an valid email address of the server administrator and press "Add".
    Press "Next".
    Select 'Next' to get to an overview over the certificate.
    Select 'Create' to create the server certificate.

    4. Now we need to export the newly created Server Certificate:

        On the certificates tab you will find  "Export" option.
        Select "Export as common server certificate".
        Enter the password that was chosen for the server certificate.
        A message "Certificate has been written as common server certificate" will be displayed.
        In the YaST2 CA management module change to the "Description" tab and select "Advanced / Export to File".
        Select "Only the Certificate in PEM Format" and enter "/srv/www/htdocs/smt.crt" as the filename.
        Select "Ok" to export the file. Now exit the YaST.

    5. Restart the SMT .

    rcsmt restart

    6. Now you can register the client with new certificates and see how it behaves.

    No comments