Ca-bundle.crt problems


#1

I can’t get the proxy server to talk back to Duo. When I run the authentication test I am getting a certificate error. This is a standard install with no custom settings. The only thing I have listed under [main] in the config is to turn on debug. I tried specifying the location of the ca-bundle.crt and that didn’t make a difference. The output from the connectivity_tool log is listed below.

2018-11-07T16:25:00-0500 [duoauthproxy.lib.log#warn] The RADIUS Server has
connectivity problems.
2018-11-07T16:25:00-0500 [duoauthproxy.lib.log#info] There are no configuration
problems related to connectivity.
2018-11-07T16:25:00-0500 [duoauthproxy.lib.log#error] The Auth Proxy was not able to ping Duo at ■■■■.
2018-11-07T16:25:00-0500 [duoauthproxy.lib.log#error] This appears to be because of unreadable or invalid CA certificates passed down by [main]'s http_ca_certs_file configuration option preventing the Auth Proxy from reaching out to Duo. Please refer to any errors above in main’s check to fix this and retry.
2018-11-07T16:25:00-0500 [duoauthproxy.lib.log#debug] Exception: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:661)
2018-11-07T16:25:00-0500 [duoauthproxy.lib.log#warn] The Auth Proxy did not run the time drift check because of the problem(s) with the ping check. Resolve that issue and rerun the tester.
2018-11-07T16:25:00-0500 [duoauthproxy.lib.log#error] The Auth Proxy was not able to validate the provided API credentials.
2018-11-07T16:25:00-0500 [duoauthproxy.lib.log#error] This appears to be because of unreadable or invalid CA certificates passed down by [main]'s http_ca_certs_file configuration option preventing the Auth Proxy from reaching out to Duo. Please refer to any errors above in main’s check to fix this and retry.
2018-11-07T16:25:00-0500 [duoauthproxy.lib.log#debug] Exception: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:661)
2018-11-07T16:25:00-0500 [duoauthproxy.lib.log#info] The Auth Proxy will be able to accept connections on port 1812 on all interfaces
2018-11-07T16:25:00-0500 [duoauthproxy.lib.log#info] -----------------------------


#2

Hi, please contact Duo Support for help with your issue.