Univention Bugzilla – Bug 57281
setup_saml_sp fails to download ucs-sso certificate: invalid SSL certificate
Last modified: 2024-05-14 07:50:19 CEST
``` univention-management-console-web-server (14.0.16) wird eingerichtet ... Neue Version der Konfigurationsdatei /etc/univention/templates/info/univention-management-console-web-server.info wird installiert ... File: /etc/apache2/sites-available/univention.conf Module: configure_umc_multiprocessing Module: setup_oidc_rp umc/oidc/issuer not set, nothing to do Module: setup_saml_sp Try to download idp metadata (1/60) % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0 curl: (60) SSL: no alternative certificate subject name matches target host name 'ucs-sso.dev52.qa' More details here: https://curl.se/docs/sslcerts.html curl failed to verify the legitimacy of the server and therefore could not establish a secure connection to it. To learn more about this situation and how to fix it, please visit the web page mentioned above. Try to download idp metadata (2/60) ... ``` /etc/univention/templates/modules/setup_saml_sp.py::download_idp_metadata should check the exit code of `subprocess.call(["curl",…])` and do NOT retry on permanent errors. Better use requests / http.client / urllib.request / httpx instead of calling an external comman.