Error: "SSL certificate problem, verify that the CA cert is OK" when updating GX
When updating the Network IPS (GX), it may fail with the an error about an SSL certificate problem.
When applying an update on the GX, it may fail with the following message displayed in /var/log/messages:
Unable to download '/Proventia/G-Series/XPU_3_4.xml' from server 'xpu.iss.net'. Reason: SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed.
Resolving the problem
There have been issues in the past where the GX is not using the correct .crt file to verify the server certificate on xpu.iss.net. Add the following advanced parameter to the update settings policy and try the update again:
- The fields above are case sensitive. Enter them exactly as shown above.
- Make sure that you do not leave any white spaces at the end of the lines or the parameter will not be accepted.
More support for:
IBM Security Network Intrusion Prevention System
Software version: 4.3, 4.4, 4.5, 4.6, 4.6.1, 4.6.2
Operating system(s): Firmware
Reference #: 1612953
Modified date: 2015-11-02