Error: "SSL certificate problem, verify that the CA cert is OK" when applying an update to a GX.

Technote (troubleshooting)


When applying an update from, you see the following error message in the message file:
"Unable to download '/Proventia/G-Series/XPU_3_4.xml' from server ''. Reason:
SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate
verify failed"

Resolving the problem

There have been issues in the past where the GX is not using the correct .crt file to verify the server certificate on . Add the following advanced parameter to the update settings policy and try the update again:

Name: Update.certificate.file ( case sensitive)
String value: /etc/crm/msl-ca-bundle.crt

Make sure that you do not leave any white spaces at the end of the lines or the parameter will not be accepted.

If that does not work, then you can change the Trust level setting on the License and Update Servers tab in the update settings policy to "Trust-all" so it does not try to verify the certificate when it contacts

IBM Network IPS Documentation IBM Infrastructure Security Forums IBM Security Support Channel on YouTube IBM Fix Central Fixes and Updates IBM Security License Key and Download Center Subscribe to My Notifications for Important Product Alerts IBM Security Contact Support

Document information

More support for:

IBM Security Network Intrusion Prevention System

Software version:

4.3, 4.4, 4.5, 4.6, 4.6.1, 4.6.2

Operating system(s):


Reference #:


Modified date:


Translate my page

Content navigation