Prefetch SSL Certificate Verification Error in NCBI SRA Toolkit #905

Open
angerray opened this issue Feb 1, 2024 · 5 comments


angerray commented Feb 1, 2024

Hello,

I'm encountering an issue with the NCBI SRA Toolkit, specifically with the prefetch command. I have been attempting to download data from the SRA database, but I keep running into SSL certificate verification errors. Here's the detailed error message I received:

2024-01-31T12:20:22 prefetch.3.0.10 sys: encryption failed while validating token within cryptographic module - Verification issue 0x4008 for this certificate:
(cert. version: 3
serial number: 00
issuer name: C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
subject name: C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
issued on: 2004-06-29 17:06:20
expires on: 2034-06-29 17:06:20
signed using: RSA with SHA1
RSA key size: 2048 bits
basic constraints: CA=true)
2024-01-31T12:20:22 prefetch.3.0.10 sys: mbedtls_ssl_get_verify_result for 'locate.ncbi.nlm.nih.gov' returned 0x4008 ( !! The certificate is not correctly signed by the trusted CA !! The certificate is signed with an unacceptable hash. )

I've tried restarting my system and ensuring that I'm using the latest version of the SRA Toolkit, but the issue persists. I'm seeking guidance on how to resolve this issue or work around it.

Is this a known issue, and are there any recommended steps to fix this? Any help or advice would be greatly appreciated.

Thank you.
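
An added example, not part of the original issue or of sra-tools: a small Python decoder for the `mbedtls_ssl_get_verify_result` value in the log above, showing that 0x4008 is two verification flags set at once. The flag names are taken from Mbed TLS's `x509.h`, not from this thread, and the second sample log line is constructed.

```python
import re

# Bit i of the value returned by mbedtls_ssl_get_verify_result() maps to
# FLAG_NAMES[i]; names follow the MBEDTLS_X509_* constants in mbedtls/x509.h.
FLAG_NAMES = (
    "BADCERT_EXPIRED", "BADCERT_REVOKED", "BADCERT_CN_MISMATCH", "BADCERT_NOT_TRUSTED",
    "BADCRL_NOT_TRUSTED", "BADCRL_EXPIRED", "BADCERT_MISSING", "BADCERT_SKIP_VERIFY",
    "BADCERT_OTHER", "BADCERT_FUTURE", "BADCRL_FUTURE", "BADCERT_KEY_USAGE",
    "BADCERT_EXT_KEY_USAGE", "BADCERT_NS_CERT_TYPE", "BADCERT_BAD_MD", "BADCERT_BAD_PK",
    "BADCERT_BAD_KEY", "BADCRL_BAD_MD", "BADCRL_BAD_PK", "BADCRL_BAD_KEY",
)

VERIFY_LINE = re.compile(
    r"mbedtls_ssl_get_verify_result for '([^']+)' returned (0x[0-9a-fA-F]+)")

# First line is the verify-result line from the report above; the second is
# constructed (hypothetical host and value) to show a different failure.
SAMPLE_LOG = """\
2024-01-31T12:20:22 prefetch.3.0.10 sys: mbedtls_ssl_get_verify_result for 'locate.ncbi.nlm.nih.gov' returned 0x4008
2024-01-31T12:20:23 prefetch.3.0.10 sys: mbedtls_ssl_get_verify_result for 'mirror.example.invalid' returned 0x4
"""


def decode_flags(value):
    """Return the names of every verification flag set in value, low bit first."""
    names = [n for i, n in enumerate(FLAG_NAMES) if value & (1 << i)]
    extra = value >> len(FLAG_NAMES) << len(FLAG_NAMES)
    if extra:  # bits this table does not know about
        names.append(f"UNKNOWN_{extra:#x}")
    return names


def failures_by_host(log_text):
    """Map each host to the sorted set of flags seen for it in the log."""
    seen = {}
    for host, hexval in VERIFY_LINE.findall(log_text):
        seen.setdefault(host, set()).update(decode_flags(int(hexval, 16)))
    return {host: sorted(flags) for host, flags in seen.items()}


if __name__ == "__main__":
    for host, flags in failures_by_host(SAMPLE_LOG).items():
        print(host, "->", ", ".join(flags))
```

The two names returned for 0x4008 correspond to the two "!!" messages in the log: the chain did not validate against a trusted CA, and a certificate in it uses a hash the client does not accept.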

@ayala-usma

Same error here!

I just installed the sra-tools 3.0.0 from bioconda and the same error arises.

@klymenko
Contributor

@ayala-usma, we don't support bioconda.
Download our build.

@klymenko
Contributor

klymenko commented Mar 5, 2024

@angerray, this error can happen when you are a victim of a man-in-the-middle attack, or something that looks like it. Our software detects this problem when a browser is more easily fooled.

Sometimes this situation occurs legitimately when your organization is running deep packet inspection firewalls, so while this may not be an actual attack, it looks the same from the client software perspective.

@BloodyFoxy

BloodyFoxy commented Apr 16, 2024

@klymenko Is there any way to fix CA trust easily for orgs with SSL Inspection by providing it with the required cert?

EDIT: Ok, we have missed problems with 2.9.6 and it seems SRA Toolkit honors third party CA certs installed properly.

@brayden-johnson

Hi all!

We have noticed the same issue with SRA Toolkit and other programs depending on it in our org. The following is a temporary workaround if you run into the issue. Windows is supposed to download missing root certificates from the list of trusted roots listed here

The way that SRA Toolkit is making its request does not cause Windows to automatically download these. As a result, it fails if the root CA has not been downloaded previously. By constructing a WinHttp call to the same link, Windows will go through the automated process.

Run in PowerShell:

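# Make one WinHTTP request to the NCBI host.
$winHttp = New-Object -ComObject WinHttp.WinHttpRequest.5.1
$winHttp.Open('GET', 'https://locate.ncbi.nlm.nih.gov/')
# Option 4 is WinHttpRequestOption_SslErrorIgnoreFlags; 0x3300 sets every
# ignore flag, so certificate errors are ignored on this request object.
$winHttp.Option(4) = 0x3300
$winHttp.Send()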


We have also seen issues where the download fails because the Amazon root trust is not downloaded so SRA toolkit cannot download the files from S3. Use these commands to make Windows download that appropriate cert:

Run in PowerShell:

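# Make one WinHTTP request to the Amazon Trust Services test host.
$winHttp = New-Object -ComObject WinHttp.WinHttpRequest.5.1
$winHttp.Open('GET', 'https://good.sca1a.amazontrust.com/')
# Option 4 is WinHttpRequestOption_SslErrorIgnoreFlags; 0x3300 sets every
# ignore flag, so certificate errors are ignored on this request object.
$winHttp.Option(4) = 0x3300
$winHttp.Send()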
