Error: "SSL certificate problem, verify that the CA cert is OK" when updating Security Network IPS
When updating the Security Network IPS (GX), it can fail with an error about an SSL certificate problem.
When applying an update on the GX, it can fail with the following message that is displayed in /var/log/messages:
Unable to download '/Proventia/G-Series/XPU_3_4.xml' from server 'xpu.iss.net'. Reason: SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed.
Resolving the problem
There have been issues in the past where the GX is not using the correct .crt file to verify the server certificate on xpu.iss.net. Add the following advanced parameter to the update settings policy and try the update again:
- The fields above are case-sensitive. Enter them exactly as indicated.
- Make sure that you do not leave any white spaces at the end of the lines or the parameter will not be accepted.
More support for:
IBM Security Network Intrusion Prevention System
Software version: 4.6.1, 4.6.2
Operating system(s): Firmware
Reference #: 1612953
Modified date: 08 September 2015