Error: "SSL certificate problem, verify that the CA cert is OK" when applying an update to a GX.

Technote (troubleshooting)


Problem(Abstract)

When applying an update from xpu.iss.net, you see the following error message in the message file:
"Unable to download '/Proventia/G-Series/XPU_3_4.xml' from server 'xpu.iss.net'. Reason:
SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate
verify failed"

Resolving the problem

There have been issues in the past where the GX is not using the correct .crt file to verify the server certificate on xpu.iss.net . Add the following advanced parameter to the update settings policy and try the update again:

Name: Update.certificate.file ( case sensitive)
String value: /etc/crm/msl-ca-bundle.crt

Make sure that you do not leave any white spaces at the end of the lines or the parameter will not be accepted.

If that does not work, then you can change the Trust level setting on the License and Update Servers tab in the update settings policy to "Trust-all" so it does not try to verify the certificate when it contacts xpu.iss.net.


If the above information does not resolve your issue, please contact IBM Security Systems Customer Support.

Rate this page:

(0 users)Average rating

Add comments

Document information


More support for:

IBM Security Network Intrusion Prevention System

Software version:

4.3, 4.4, 4.5, 4.6, 4.6.1, 4.6.2

Operating system(s):

Firmware

Reference #:

1612953

Modified date:

2012-10-03

Translate my page

Machine Translation

Content navigation