Forum Discussion
NimbostratusiQuery failing : SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:s3_clnt.c:1128:
Hi F5 Team,
When we tried to connect the remote F5 DNS, we are getting an error as below.. Can you please help me to resolve this..
iqdump output from MDC-GTM for XDC-GTM's IP address
[user@DC1-GTM-01:Active:Standalone] ~ iqdump 208.90.73.204
47880724300784:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:s3_clnt.c:1128:
New, (NONE), Cipher is (NONE)
SSL-Session:
Protocol : TLSv1
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
Key-Arg : None
PSK identity: None
PSK identity hint: None
Start Time: 1533937199
Timeout : 7200 (sec)
Andy_McGrathCumulonimbus
Looks like a trust has not been created between the F5 devices.
If you just want to setup the trust to allow communication then you can run the
command to swap certs and establish a trust.bigip_addIf you are trying to add a new F5 DNS/GTM into an existing DNS/GTM device group then you can use
command which will generate the trust but also pull all the DNS/GTM configuration from the group and overwrite the local configurationgtm_addWARNING: With
Make sure you run the correct way around and are happy to overwrite local F5 DNS/GTM configurationgtm_addSee: K13312: Overview of the BIG-IP DNS big3d_install, bigip_add, and gtm_add utilities (11.x - 14.x)
maowentao_27472hello,I hava a same problem with this,there is a solution for this problem
GIRISH_BAMMANAWYes.. it's resolved.. We were using third party vendor ask certificate to establish the IQUERY connection.. we replace third party certificate with device self certificate .. then issue fixed
Manuel_Cristob2Whats is the solution to this problem?
- Manuel_Cristob2
Whats the solution?
andres_neriHi, I had the same problem
and only needed to add CA root certificate on
DNS > GSLB > Servers > Trusted Server Certificates.
this link with a reference