Page 1 of 2 12 LastLast
Results 1 to 10 of 18

Thread: Cannot attach Ubuntu Pro, Cannot verify certificate of server

  1. #1
    Join Date
    Aug 2024
    Beans
    9

    Cannot attach Ubuntu Pro, Cannot verify certificate of server

    Hello,

    I have two LTS Ubuntu servers. One is running a monitoring service for printers(24.04) while the other is LibreNMS(22.04). When trying to attach a Pro subscription on either, neither one can access the URL for Canonical. I can ping just fine however it wont pull anything down. I've tried this on two different networks (one has SSL inspection on, one does not) and it did not work on either. I have also ran sudo apt upgrade ca-certificates and it says it is up to date. I assume I may need to manually insert something into an ssl file somewhere? Below is the sequence:



    I appreciate any help or suggestions!

  2. #2
    currentshaft is offline Oops! My Coffee Cup is empty.
    Join Date
    May 2024
    Beans
    Hidden!

    Re: Cannot attach Ubuntu Pro, Cannot verify certificate of server

    .
    Last edited by currentshaft; 4 Weeks Ago at 12:35 AM.

  3. #3
    Join Date
    Aug 2024
    Beans
    9

    Re: Cannot attach Ubuntu Pro, Cannot verify certificate of server

    Thank you for letting me know!

    sudo pro attach
    Initiating attach operation...
    Failed to access URL: https://contracts.canonical.com/vl/magic-attach Cannot verify certificate of server Please check your openssl configuration.

    I am fresh to Linux so Im not sure what I would put in there.

  4. #4
    Join Date
    Jun 2010
    Location
    London, England
    Beans
    Hidden!
    Distro
    Ubuntu Development Release

    Re: Cannot attach Ubuntu Pro, Cannot verify certificate of server

    That web address gives a 484 page not found error message. I do not know why the process is trying to access that page. The tutorial offers this address

    https://ubuntu.com/pro/attach?

    Click the Server tab.

    This is the full tutorial

    https://ubuntu.com/pro/tutorial

    I am wondering if you are purchasing a Ubuntu Pro subscription? Is that why you need a contract with Canonical? This link show the pricing structure.

    https://ubuntu.com/pricing/pro

    I see that a Server with unlimited VM's with SELF-SUPPORT (minimum level) is $500 per year.

    Perhaps you should contact Cannonical.

    Regards
    It is a machine. It is more stupid than we are. It will not stop us from doing stupid things.
    Ubuntu user #33,200. Linux user #530,530


  5. #5
    currentshaft is offline Oops! My Coffee Cup is empty.
    Join Date
    May 2024
    Beans
    Hidden!

    Re: Cannot attach Ubuntu Pro, Cannot verify certificate of server

    .
    Last edited by currentshaft; 4 Weeks Ago at 12:34 AM.

  6. #6
    Join Date
    Aug 2024
    Beans
    9

    Re: Cannot attach Ubuntu Pro, Cannot verify certificate of server

    @grahammechanical
    Thank you for the reply! I tried following the tutorial however I also cannot retrieve the code for the machine to inster into the attach website. The VM refuses to see canonical. Also, I may have mispoken, it is just an Ubuntu 22.04 VM used for LibreNMS so we are utilizing the 5 free personal tokens as we are not enterprise sized. I have the token and everything, it just wont connect to the site.
    Last edited by e4agc; August 6th, 2024 at 02:58 PM.

  7. #7
    Join Date
    Aug 2024
    Beans
    9

    Re: Cannot attach Ubuntu Pro, Cannot verify certificate of server

    Quote Originally Posted by currentshaft View Post
    Run this command and share the output:

    date ; echo | openssl s_client -connect contracts.canonical.com:443 -showcerts

    This is on one of the two networks I have access to. One goes through our Zscaler while one does not however I receive the same error on both networks.



    CONNECTED(00000003)
    ---
    Certificate chain
    0 s:CN = contracts.canonical.com
    i:C = US, ST = California, O = Zscaler Inc., OU = Zscaler Inc., CN = "Zscaler Intermediate Root CA (zscalertwo.net) (t) "
    aKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
    v:NotBefore: Aug 3 03:45:45 2024 GMT; NotAfter: Aug 17 03:45:45 2024 GMT
    -----BEGIN CERTIFICATE-----
    MIID6DCCAtCgAwIBAgISfrn8sxP4Gna3jlCZ4Xi6ct22MA0GCS qGSIb3DQEBCwUA
    MIGNMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYT EVMBMGA1UECgwM
    WnNjYWxlciBJbmMuMRUwEwYDVQQLDAxac2NhbGVyIEluYy4xOz A5BgNVBAMMMlpz
    Y2FsZXIgSW50ZXJtZWRpYXRlIFJvb3QgQ0EgKHpzY2FsZXJ0d2 8ubmV0KSAodCkg
    MB4XDTI0MDgwMzAzNDU0NVoXDTI0MDgxNzAzNDU0NVowIjEgMB 4GA1UEAxMXY29u
    dHJhY3RzLmNhbm9uaWNhbC5jb20wggEiMA0GCSqGSIb3DQEBAQ UAA4IBDwAwggEK
    AoIBAQDWfUopHQt/mQJUmA12WULozsEnS8eKfA3Ib44O3lIREXn1JG4Dp7n4/yTn
    T8ooQyaP8nh22PtpQxTNAbNa4AujlYKS9TiRChpIAOOcPNVvkh znVS/IC9JDJoE7
    vaSCOTo1M7jgyH436Z7bFK2+9oML90TtWOo4qCihbRzMG9ZICb 7qbkwQoLGGNM1p
    9MMjmJuh/uTx86P1doRy1FZHpAndpwoXSjQUQBt1MRpNOR6Wgat3hHhQ9MU tzmtZ
    vwkPcTahcn0lQ3WLPyq4u97u52eTtGEGlcz5+ee8tdP/F1Xj2cpEZURVnAdH3DOU
    hmTmPTJtC5QqLcX5E1nfYQ+mLDaZAgMBAAGjgaswgagwDgYDVR 0PAQH/BAQDAgWg
    MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHR MBAf8EAjAAMCIG
    A1UdEQQbMBmCF2NvbnRyYWN0cy5jYW5vbmljYWwuY29tMEUGA1 UdHwQ+MDwwOqA4
    oDaGNGh0dHA6Ly9nYXRld2F5LnpzY2FsZXJ0d28ubmV0L3pzY2 FsZXItenNjcmwt
    LTQtMS5jcmwwDQYJKoZIhvcNAQELBQADggEBAGHaotDHaLdzUP Sl20H1xTH9r3QW
    35q4Mln6F9X7gsDQ28TQMT/356RYkFrmDakvLwrMCqDpK8K4+PFjaTaASV/rpXj8
    j+LvG3Ann47eeAP6QOgMX3fEA4m8cBVwRWXeU8oknNaJBdV/yXUQE45KxCsQST+w
    GYpAnuHK3M3FcmO71QEIBVUjkhwiU6QkofkIBUg9F6hZL2DW8c F7xVYGDb35gjv1
    F58kOW+m6++LWOEAl1jOcupjP0+wBt1ZqWc2FwDEhyXH6kb+NB ZeveKVkqnXSDh7
    Y1HlJYrJCkf4jkO7L1rYcw99HrtyqHAgAqkaeKwesa6ubTtCMI u5FWwRUmk=
    -----END CERTIFICATE-----
    1 s:C = US, ST = California, O = Zscaler Inc., OU = Zscaler Inc., CN = "Zscaler Intermediate Root CA (zscalertwo.net) (t) "
    i:C = US, ST = California, O = Zscaler Inc., OU = Zscaler Inc., CN = Zscaler Intermediate Root CA (zscalertwo.net), emailAddress = support@zscaler.com
    aKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
    v:NotBefore: Aug 3 03:45:45 2024 GMT; NotAfter: Aug 17 03:45:45 2024 GMT
    -----BEGIN CERTIFICATE-----
    MIIEQjCCAyqgAwIBAgIEZq2n6TANBgkqhkiG9w0BAQsFADCBrD ELMAkGA1UEBhMC
    VVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFTATBgNVBAoTDFpzY2 FsZXIgSW5jLjEV
    MBMGA1UECxMMWnNjYWxlciBJbmMuMTYwNAYDVQQDEy1ac2NhbG VyIEludGVybWVk
    aWF0ZSBSb290IENBICh6c2NhbGVydHdvLm5ldCkxIjAgBgkqhk iG9w0BCQEWE3N1
    cHBvcnRAenNjYWxlci5jb20wHhcNMjQwODAzMDM0NTQ1WhcNMj QwODE3MDM0NTQ1
    WjCBjTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaW ExFTATBgNVBAoM
    DFpzY2FsZXIgSW5jLjEVMBMGA1UECwwMWnNjYWxlciBJbmMuMT swOQYDVQQDDDJa
    c2NhbGVyIEludGVybWVkaWF0ZSBSb290IENBICh6c2NhbGVydH dvLm5ldCkgKHQp
    IDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKhK1y byJ+nQjuqG2KNX
    eE+If8h65Cqx25RiEBhqXcBMhX2NFjU/QrH7mDG10hEtudXq++RTFILZ8BC2n+wv
    Wqibsd9BP6AYGhrOgs/UHVns52nuXUXY0syc3lkH1qrA740VccjqY/Ol+DYduLvR
    YxZ2UOPvzL05vJJBcct2s4WncwwUNJxYkRASOAeNEy7Z+PjA0v +IBDsrmfwzq4Dm
    oT9dmGN6ruBJJ55xjE961E93XI29ouwCi0eKEuzvBqR/cst1nTD0jOMboDgLkdQt
    qLCu9AUylkgnzZxEu16lpK0ahtB7wYfbSbH5o7bxmqI6Dyi/CwOUjruoVlA6hz78
    5xsCAwEAAaOBiDCBhTAdBgNVHQ4EFgQUgKXmzVQnaeimBs6eUW qC8pCtK1MwDwYD
    VR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAf4wQwYDVR0fBDwwOjA4oDagNIYy
    aHR0cDovL2dhdGV3YXkuenNjYWxlcnR3by5uZXQvY3JsL3pzMi 1rZWstLTQtMS5j
    cmwwDQYJKoZIhvcNAQELBQADggEBAFV2vak9Tnl6+8NG1OUOM3 5fd/hy2ZErKGBI
    TIAMUs27nK71NNGh9ILbHcTNs/UNE0HBSGT5ZPwUh0otZcmRAQ/4RWAmdGY9cUZ1
    pDDgKpjM8c2lnhAlez7Z2CQHJqDTtUnzErFpCkC3n1V1n0zZNF 2uDgUM4YSH248T
    R6HZC2sG1Phkyf9P34EQbgHrW1SF+lHu+RXgFn5aR/dX/ND3ub3QwUe/3dlSNv8I
    U8RP/h+nzjKBBuU2tfguXsh4+C+XcnL9V6Ig19c9QckIZGg9s9PN/FBwg4A3zVq+
    dqc662JFreOKwbjGIRNr51tS2hbyJvgbhbIy93PAr3+O0VLVHW o=
    -----END CERTIFICATE-----
    2 s:C = US, ST = California, O = Zscaler Inc., OU = Zscaler Inc., CN = Zscaler Intermediate Root CA (zscalertwo.net), emailAddress = support@zscaler.com
    i:C = US, ST = California, L = San Jose, O = Zscaler Inc., OU = Zscaler Inc., CN = Zscaler Root CA, emailAddress = support@zscaler.com
    aKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
    v:NotBefore: Jun 5 05:32:29 2020 GMT; NotAfter: Jun 23 05:32:29 2041 GMT
    -----BEGIN CERTIFICATE-----
    MIIERzCCAy+gAwIBAgICAQAwDQYJKoZIhvcNAQELBQAwgaExCz AJBgNVBAYTAlVT
    MRMwEQYDVQQIEwpDYWxpZm9ybmlhMREwDwYDVQQHEwhTYW4gSm 9zZTEVMBMGA1UE
    ChMMWnNjYWxlciBJbmMuMRUwEwYDVQQLEwxac2NhbGVyIEluYy 4xGDAWBgNVBAMT
    D1pzY2FsZXIgUm9vdCBDQTEiMCAGCSqGSIb3DQEJARYTc3VwcG 9ydEB6c2NhbGVy
    LmNvbTAeFw0yMDA2MDUwNTMyMjlaFw00MTA2MjMwNTMyMjlaMI GsMQswCQYDVQQG
    EwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEVMBMGA1UEChMMWn NjYWxlciBJbmMu
    MRUwEwYDVQQLEwxac2NhbGVyIEluYy4xNjA0BgNVBAMTLVpzY2 FsZXIgSW50ZXJt
    ZWRpYXRlIFJvb3QgQ0EgKHpzY2FsZXJ0d28ubmV0KTEiMCAGCS qGSIb3DQEJARYT
    c3VwcG9ydEB6c2NhbGVyLmNvbTCCASIwDQYJKoZIhvcNAQEBBQ ADggEPADCCAQoC
    ggEBAM9xxb9SVjz6HtwjcUP8lv+hNCKFiw3yftozjqR3CH0n9X 8xEfqTI/EMgplD
    EfE2+35AbCoBz51R3ox07x5wi40HIczswffEbauOeEsv6f5i9+ YCeU8BQXGcHQfr
    iGTt0twlGWTu6fTUQanO+ZN74ryrx9LPXfYf4A6P/bCp3O0ZQ2g41ZGrwq0a6N20
    u93IZvN5fzvIMWpkx42cqQLkA+sFyjgttwXZb4RWeZS3qkZjfo P9a0AwA3ikDu+X
    1P5wYhxznPNEYJGHXOjijVGlAnPAVlUSx8wN05Uf/wUHc0dBMHvhE4zU/XX2p0gK
    7lv43LRJBaCerp2CrndkeUODM00CAwEAAaN8MHowHQYDVR0OBB YEFE2yfVhAxH8h
    7ZnemT8RNxGls8gRMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAg H+MD4GA1UdHwQ3
    MDUwM6AxoC+GLWh0dHA6Ly9nYXRld2F5LnpzY2FsZXJ0d28ubm V0L2NybC96czIt
    aW50LmNybDANBgkqhkiG9w0BAQsFAAOCAQEAeYGrs/oT9ukfNQWVbqOPCk81LmMq
    iO0W/QQ+93xV1ovmmLKZt74l/5MZpUGYbBbCW/vNGjWwDYHC36GRHHRrbqsPG5R9
    VcZYSUwZ32QcIvACiijfCPdmyeCRBO3IwPVhuK2aleZOM5usQ6 PY71FNYWZKZwoh
    79k6wpdgMbEE7/Iq0hWdgj6r3Pk2Ag4G0v54fxIp9hcN+vJe3lm7NFg6btn60Og6
    dZn+0MstMuujCSRHSK8KRE8IT9DZ5/7QJRQv40c8Tc5i6IRy0unYQaFXBw7RBTcE
    nx91KjR7+Gg4ldss5p4RNrpIlYDfon+KfTekgNnAu5NVCcva2y oByhA8Rg==
    -----END CERTIFICATE-----
    ---
    Server certificate
    subject=CN = contracts.canonical.com
    issuer=C = US, ST = California, O = Zscaler Inc., OU = Zscaler Inc., CN = "Zscaler Intermediate Root CA (zscalertwo.net) (t) "
    ---
    No client certificate CA names sent
    Peer signing digest: SHA256
    Peer signature type: RSA-PSS
    Server Temp Key: ECDH, prime256v1, 256 bits
    ---
    SSL handshake has read 3889 bytes and written 763 bytes
    Verification error: unable to get local issuer certificate
    ---
    New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
    Server public key is 2048 bit
    Secure Renegotiation IS NOT supported
    Compression: NONE
    Expansion: NONE
    No ALPN negotiated
    Early data was not sent
    Verify return code: 20 (unable to get local issuer certificate)
    ---

  8. #8
    currentshaft is offline Oops! My Coffee Cup is empty.
    Join Date
    May 2024
    Beans
    Hidden!

    Re: Cannot attach Ubuntu Pro, Cannot verify certificate of server

    happy
    Last edited by currentshaft; 4 Weeks Ago at 01:11 AM.

  9. #9
    Join Date
    Aug 2024
    Beans
    9

    Re: Cannot attach Ubuntu Pro, Cannot verify certificate of server

    Quote Originally Posted by currentshaft View Post
    Whoever is running ZScaler is MITM'ing all your connections which are supposed to be end-to-end encrypted.

    Ubuntu is literally protecting you from this by distrusting the connection: " Verification error: unable to get local issuer certificate "

    You should take this up with your system administrator.

    Is it relevant that I cannot access contracts.canonical.com from any device regardless of network without receiving a 404 error?

  10. #10
    currentshaft is offline Oops! My Coffee Cup is empty.
    Join Date
    May 2024
    Beans
    Hidden!

    Re: Cannot attach Ubuntu Pro, Cannot verify certificate of server

    jq
    Last edited by currentshaft; 4 Weeks Ago at 01:11 AM.

Page 1 of 2 12 LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •