Troubleshooting
Problem
When updating the Security Network IPS (GX), it can fail with an error about an SSL certificate problem.
Symptom
When applying an update on the GX, it can fail with the following message that is displayed in /var/log/messages:
Unable to download '/Proventia/G-Series/XPU_3_4.xml' from server 'xpu.iss.net'. Reason: SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed.
Resolving The Problem
There have been issues in the past where the GX is not using the correct .crt file to verify the server certificate on xpu.iss.net. Add the following advanced parameter to the update settings policy and try the update again:
Name:
String value:
Notes:
Name:
Update.certificate.file
String value:
/etc/crm/msl-ca-bundle.crt
Notes:
- The fields above are case-sensitive. Enter them exactly as indicated.
- Make sure that you do not leave any white spaces at the end of the lines or the parameter will not be accepted.
[{"Product":{"code":"SS9SBT","label":"Proventia Network Intrusion Prevention System"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"Updates","Platform":[{"code":"PF009","label":"Firmware"}],"Version":"4.6.1;4.6.2","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]
Was this topic helpful?
Document Information
Modified date:
26 January 2021
UID
swg21612953