Hello everyone!
After I tried to create a VM (KVM) alongside the one already running, completing the configuration was met with the following message:
[quote]Die Anfrage konnte nicht bearbeitet werden.
Fehlernachricht des Servers:
Fehler: {'info': 'error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (self signed certificate in certificate chain)', 'desc': 'Connect error'}[/quote]
/var/log/univention/virtual-machine-manager-daemon.log :
2015-10-25 14:42:29,551 - uvmmd.node - ERROR - ('qemu://assvhl03.as10/system',): Exception in timer_callbck
Traceback (most recent call last):
File "/usr/lib/pymodules/python2.7/univention/uvmm/node.py", line 547, in run
self.update_autoreconnect()
File "/usr/lib/pymodules/python2.7/univention/uvmm/node.py", line 566, in update_autoreconnect
self.update()
File "/usr/lib/pymodules/python2.7/univention/uvmm/node.py", line 699, in update
domStat = Domain(dom, node=self)
File "/usr/lib/pymodules/python2.7/univention/uvmm/node.py", line 198, in __init__
self.update_ldap()
File "/usr/lib/pymodules/python2.7/univention/uvmm/node.py", line 305, in update_ldap
self.pd.annotations = ldap_annotation(self.pd.uuid)
File "/usr/lib/pymodules/python2.7/univention/uvmm/uvmm_ldap.py", line 165, in ldap_annotation
lo, position = univention.admin.uldap.getMachineConnection(ldap_master=False)
File "/usr/lib/pymodules/python2.7/univention/admin/uldap.py", line 75, in getMachineConnection
lo=univention.uldap.getMachineConnection(start_tls, decode_ignorelist=decode_ignorelist, ldap_master=ldap_master)
File "/usr/lib/pymodules/python2.7/univention/uldap.py", line 106, in getMachineConnection
lo=access(host=ucr['ldap/server/name'], port=port, base=ucr['ldap/base'], binddn=ucr['ldap/hostdn'], bindpw=bindpw, start_tls=start_tls, decode_ignorelist=decode_ignorelist, reconnect=reconnect)
File "/usr/lib/pymodules/python2.7/univention/uldap.py", line 177, in __init__
self.__open(ca_certfile)
File "/usr/lib/pymodules/python2.7/univention/uldap.py", line 215, in __open
self.lo.start_tls_s()
File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 884, in start_tls_s
res = self._apply_method_s(SimpleLDAPObject.start_tls_s,*args,**kwargs)
File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 860, in _apply_method_s
return func(self,*args,**kwargs)
File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 571, in start_tls_s
return self._ldap_call(self._l.start_tls_s)
File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 106, in _ldap_call
result = func(*args,**kwargs)
CONNECT_ERROR: {'info': 'error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (self signed certificate in certificate chain)', 'desc': 'Connect error'}
/var/lib/libvirt/images# ldapsearch -x -ZZ -s base -d 1 -h as10
ldap_create
ldap_url_parse_ext(ldap://as10)
ldap_extended_operation_s
ldap_extended_operation
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP as10:389
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying 10.10.10.10:389
ldap_pvt_connect: fd: 3 tm: -1 async: 0
attempting to connect:
connect success
ldap_open_defconn: successful
ldap_send_server_request
ber_scanf fmt ({it) ber:
ber_scanf fmt ({) ber:
ber_flush2: 31 bytes to sd 3
ldap_result ld 0x16981c0 msgid 1
wait4msg ld 0x16981c0 msgid 1 (infinite timeout)
wait4msg continue ld 0x16981c0 msgid 1 all 1
** ld 0x16981c0 Connections:
* host: as10 port: 389 (default)
refcnt: 2 status: Connected
last used: Sun Oct 25 14:01:57 2015
** ld 0x16981c0 Outstanding Requests:
* msgid 1, origid 1, status InProgress
outstanding referrals 0, parent count 0
ld 0x16981c0 request count 1 (abandoned 0)
** ld 0x16981c0 Response Queue:
Empty
ld 0x16981c0 response count 0
ldap_chkResponseList ld 0x16981c0 msgid 1 all 1
ldap_chkResponseList returns ld 0x16981c0 NULL
ldap_int_select
read1msg: ld 0x16981c0 msgid 1 all 1
ber_get_next
ber_get_next: tag 0x30 len 36 contents:
read1msg: ld 0x16981c0 msgid 1 message type extended-result
ber_scanf fmt ({eAA) ber:
read1msg: ld 0x16981c0 0 new referrals
read1msg: mark request completed, ld 0x16981c0 msgid 1
request done: ld 0x16981c0 msgid 1
res_errno: 0, res_error: <>, res_matched: <>
ldap_free_request (origid 1, msgid 1)
ldap_parse_extended_result
ber_scanf fmt ({eAA) ber:
ber_scanf fmt (a) ber:
ldap_parse_result
ber_scanf fmt ({iAA) ber:
ber_scanf fmt (x) ber:
ber_scanf fmt (}) ber:
ldap_msgfree
TLS trace: SSL_connect:before/connect initialization
TLS trace: SSL_connect:unknown state
TLS trace: SSL_connect:SSLv3 read server hello A
TLS certificate verification: depth: 0, err: 20, subject: /C=DE/ST=DE/L=DE/O=as10 GmbH/OU=Univention Corporate Server/CN=assvhl03.as10/emailAddress=ssl@as10, issuer: /C=DE/ST=DE/L=DE/O=as10 GmbH/OU=Univention Corporate Server/CN=Univention Corporate Server Root CA (ID=4zS17UQd)/emailAddress=ssl@as10
TLS certificate verification: Error, unable to get local issuer certificate
TLS trace: SSL3 alert write:fatal:unknown CA
TLS trace: SSL_connect:error in SSLv3 read server certificate B
TLS trace: SSL_connect:error in SSLv3 read server certificate B
TLS: can't connect: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (unable to get local issuer certificate).
ldap_err2string
ldap_start_tls: Connect error (-11)
additional info: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (unable to get local issuer certificate)
ldap_free_connection 1 1
ldap_send_unbind
ber_flush2: 7 bytes to sd 3
ldap_free_connection: actually freed
How can I fix this?
The UCS is currently still running "stand alone", i.e. without clients or a connection to an AD.
I have also already regenerated the CA following the instructions here in the forum.
That did not help, though.
Any suggestions?
Many thanks!
Waves and regards
Thomas