[RPKI] [ERROR] TLS alert received: Message

Tim Bruijnzeels tim at nlnetlabs.nl
Mon Feb 14 08:33:48 UTC 2022 

Ola,

Bom dia. Obrigado pela mensagem. Por favor, deixe-me continuar em inglês..

First of all, my apologies that this log message is unhelpful. I have created an
issue to add the URL in question to log messages in future so that it will be more
clear what connection failed exactly:
https://github.com/NLnetLabs/krill/issues/776

If I have to guess then it looks to me that a connection to a CA parent, or
publication server over https failed. Which version of Krill are you using? While
an invalid certificate for a parent or repository is not great, the provisioning
and publication protocols do not rely on transport security. We made a fix for
this in Krill release 0.9.2, see this issue on github:
https://github.com/NLnetLabs/krill/issues/628

So, if you are on Krill 0.9.2 or later then this should not happen at least in this
context.

Kind regards
Tim Bruijnzeels

Krill developer at NLnet Labs.



> On 14 Feb 2022, at 03:29, Pinguim Telecom via RPKI <rpki at lists.nlnetlabs.nl> wrote:
> 
> olá bom dia, gostaria de ajuda sobre o erro a seguir
> 
> 
> systemctl status krill
> ● krill.service - Krill
>    Loaded: loaded (/usr/lib/systemd/system/krill.service; enabled; vendor preset: disabled)
>    Active: active (running) since Sun 2022-02-13 20:57:01 EST; 31min ago
>      Docs: man:krill(1)
>  Main PID: 1266 (krill)
>     Tasks: 9 (limit: 34032)
>    Memory: 301.9M
>    CGroup: /system.slice/krill.service
>            └─1266 /usr/bin/krill --config=/etc/krill.conf
> 
> fev 13 20:57:02 srvdns2 krill[1266]: 2022-02-13 20:57:02 [INFO] Will re-sync all CAs with their parents and repository after startup
> fev 13 20:57:09 srvdns2 krill[1266]: 2022-02-13 20:57:09 [INFO] Updated announcements (1106047) based on BGP Ris Dumps
> fev 13 20:57:59 srvdns2 krill[1266]: 2022-02-13 20:57:59 [ERROR] TLS alert received: Message {
>                                          typ: Alert,
>                                          version: TLSv1_3,
>                                          payload: Alert(
>                                              AlertMessagePayload {
>                                                  level: Fatal,
>                                                  description: CertificateUnknown,
>                                              },
>                                          ),
>                                      }
>  -- 
> RPKI mailing list
> RPKI at lists.nlnetlabs.nl
> https://lists.nlnetlabs.nl/mailman/listinfo/rpki

More information about the RPKI mailing list