Technote (troubleshooting)
Problem(Abstract)
When applying an update from xpu.iss.net you see the following error message in the message file:
"Unable to download '/Proventia/G-Series/XPU_3_4.xml' from server 'xpu.iss.net'. Reason:
SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate
verify failed"
Resolving the problem
There have been issues in the past where the GX is not using the correct .crt file to verify the server certificate on xpu.iss.net . Add the following advanced parameter to the update settings policy and try the update again:
Name: Update.certificate.file ( case sensitive)
String value: /etc/crm/msl-ca-bundle.crt
Make sure that you do not leave any white spaces at the end of the lines or the parameter will not be accepted.
If that does not work, then you can change the Trust level setting on the License and Update Servers tab in the update settings policy to "Trust-all" so it does not try to verify the certificate when it contacts xpu.iss.net.
If the above information does not resolve your issue, please contact IBM Security Systems Technical Support.
Rate this page:
Copyright and trademark information
IBM, the IBM logo and ibm.com are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.