When applying an update from xpu.iss.net, you see the following error message in the message file:
"Unable to download '/Proventia/G-Series/XPU_3_4.xml' from server 'xpu.iss.net'. Reason:
SSL certificate problem, verify that the CA cert is OK. Details:
Resolving the problem
There have been issues in the past where the GX is not using the correct .crt file to verify the server certificate on xpu.iss.net . Add the following advanced parameter to the update settings policy and try the update again:
Name: Update.certificate.file ( case sensitive)
String value: /etc/crm/msl-ca-bundle.crt
Make sure that you do not leave any white spaces at the end of the lines or the parameter will not be accepted.
If that does not work, then you can change the Trust level setting on the License and Update Servers tab in the update settings policy to "Trust-all" so it does not try to verify the certificate when it contacts xpu.iss.net.
If the above information does not resolve your issue, please contact IBM Security Systems Customer Support.