Failed to verify signature

Hi all,
this type of error often appears in my privacyidea logs:

[2017-09-05 10:56:41,607][13925][139631584597760][ERROR][privacyidea.lib.crypto:649] Failed to verify signature: u'id=22257,date=2017-08-30 09:34:35.221219,action=POST /validate/check,succ=0,serial=TOTP0011C758,t=None,u=xxxxxx.xxxxx,r=test.corp,adm=None,ad=,i=wrong otp value,ps=virtual1.test.corp,c=10.4.1.40,l=None,cl=None

What is "Failed to verify signature"?
Is it related to the SSL connection?

Can anyone help me?

Thanks a lot.

No response?

Can it be related to SSL?

I’ve often had this type of error.

Probably the audit log.
You may have changed your signing keys or are being attacked.

Ok, thanks, can I recreate the signing keys?
What is the procedure?

Thanks

Can I use:
pi-manage.py create_enckey
pi-manage.py create_audit_keys

without reinstalling everything?

Thanks.

Ok, problem solved.
I’ve re-executed pi-manage.py create_audit_keys
for every instance and everything works fine.

Best!

“Every instance”?

Is this a redundant setup? In a test environment?

If running redundancy you need the same signing keys on all nodes!

Hi Cornelinux,
yes, I’m trying a setup with 3 instances with 3 postgres multimaster (2ndQuadrant + postgresBDR).
I often work with postgres Multimaster.

Why do you suggest the same signing keys on all nodes?

You are running one privacyIDEA installation with redundant nodes. Nevertheless all nodes are writing to the same database. Also the audit log is written to the same database. The audit log entries are signed.

You can see on one node the entries of all nodes. The signature is verified on the node where you are viewing the audit log.

This would mean: Node2 signs an entry with the privateKey2. On Node1 you would try to verify the signature with the publicKey1. This would result in a signature failure for all entries written to node2 or node3.
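
Added example, not part of the thread and not privacyIDEA's own code: a log triage script for the situation described above. It tallies "Failed to verify signature" errors by the node that wrote the entry, to tell a per-node key mismatch from the other causes named earlier. It assumes the ps= field names the writing node; the virtual2/virtual3 hosts and the sample lines are constructed.

```python
import re
from collections import Counter

MARK = "Failed to verify signature: "
# Field names in the order they appear in the logged audit string.
KEYS = ["id", "date", "action", "succ", "serial", "t", "u", "r",
        "adm", "ad", "i", "ps", "c", "l", "cl"]
# Split only at known keys so commas or spaces inside a value survive.
FIELD = re.compile(r"(?:^|,)(%s)=" % "|".join(KEYS))

def parse_entry(entry):
    """Turn "u'id=1,date=...,ps=node" into a dict of audit fields."""
    entry = re.sub(r"^u?['\u2019]", "", entry.strip()).rstrip("'\u2019")
    marks = list(FIELD.finditer(entry))
    fields = {}
    for cur, nxt in zip(marks, marks[1:] + [None]):
        end = nxt.start() if nxt else len(entry)
        fields[cur.group(1)] = entry[cur.end():end]
    return fields

def failures_by_writer(log_lines):
    """Count failed verifications per writing node (assumption: ps= is that node)."""
    counts = Counter()
    for line in log_lines:
        pos = line.find(MARK)
        if pos != -1:
            fields = parse_entry(line[pos + len(MARK):])
            counts[fields.get("ps", "unknown")] += 1
    return counts

def diagnose(counts, local_node):
    """Heuristic: which cause named in the thread fits the failure pattern."""
    if not counts:
        return "ok"
    if counts.get(local_node):
        return "local-entries-fail"  # key changed on this node, or rows altered
    return "remote-only"             # nodes sign with different audit keys

# Constructed sample: log read on virtual1 in a three-node setup.
TEMPLATE = ("[2017-09-05 10:56:4%d,607][13925][139631584597760][ERROR]"
            "[privacyidea.lib.crypto:649] Failed to verify signature: u'id=%d,"
            "date=2017-08-30 09:34:35.221219,action=POST /validate/check,succ=0,"
            "serial=TOTP0011C758,t=None,u=user,r=test.corp,adm=None,ad=,"
            "i=wrong otp value,ps=%s,c=10.4.1.40,l=None,cl=None")
SAMPLE = [TEMPLATE % (n, 22257 + n, host) for n, host in enumerate(
    ["virtual2.test.corp", "virtual3.test.corp", "virtual2.test.corp"])]

if __name__ == "__main__":
    seen = failures_by_writer(SAMPLE)
    print(dict(seen), diagnose(seen, "virtual1.test.corp"))
```

A "remote-only" result on every node points to each node holding its own audit key pair; failures on entries the local node wrote itself fit a changed key or altered rows instead.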

Ok! I'll try to verify!

Thanks a lot, Cornelius.

Perfect, everything works fine.
Thanks a lot, Cornelius.