Herman2024
Jan 06, 2025

Why did the device certificate verify fail when the device certificate is not expired?

Hi, we have some GTM/DNS devices. One of them, DNS01, is shown as down, and the error message is as shown below.

SSL error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (336134278)

The device certificate of DNS01 has still not expired, and we can ping DNS01's external physical interface IP from other DNS nodes. On DNS01, the other DNS nodes are shown online. Can someone please advise what the possible cause is? Can restarting big3d on DNS01 resolve the issue? Thanks in advance!

  • The SSL error you're encountering, despite the device certificate not being expired, could be due to the presence of an old certificate on the other DNS nodes. Here are some steps to troubleshoot and resolve the issue:

    Check Trusted Certificates: Verify that the new device certificate is correctly installed on DNS01 and that the old certificate has been removed from the trusted certificates on other DNS nodes.

    Restart Services: Restarting the big3d service on DNS01 and the gtmd service on the local system might help re-establish the iQuery connection.

    Update Certificates: Ensure that all DNS nodes have the updated device certificate.

    • Herman2024

      Thanks lisa52smith Jeffrey_Granier for your advice. I saw there are multiple certificates in the other DNS nodes' "Device Trust Certificate" with the same serial number. How can I verify and confirm whether one client certificate belongs to DNS01? I saw that the serial number in some certificates is in a format like a MAC address; I don't know what these certificates are. Please advise, thanks in advance!
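
One way to tell which trust-bundle entries are the same certificate as a node's current device certificate, as an added example that is not part of the original thread: compare SHA-256 fingerprints of the DER encoding rather than serial numbers, since a serial is only unique per issuer and separately self-signed certificates can share one. The function names are hypothetical, the PEM text is assumed to have been exported from the nodes beforehand, and the sample "certificates" are constructed stand-ins carrying only the fields the code reads.

```python
import hashlib, re, ssl

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----", re.S)

def _tlv(buf, pos):
    """Read one DER TLV at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                          # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def serial_hex(der):
    """Serial number from Certificate -> tbsCertificate -> serialNumber."""
    _, pos, _ = _tlv(der, 0)                   # outer Certificate SEQUENCE
    _, pos, _ = _tlv(der, pos)                 # tbsCertificate SEQUENCE
    tag, start, end = _tlv(der, pos)
    if tag == 0xA0:                            # optional [0] version: skip it
        tag, start, end = _tlv(der, end)
    if tag != 0x02:
        raise ValueError("serialNumber INTEGER not found")
    return der[start:end].hex()

def fingerprint(der):
    return hashlib.sha256(der).hexdigest()

def match_bundle(device_pem, bundle_pem):
    """Per bundle entry: (index, serial, sha256 fingerprint, same cert as device?)."""
    want = fingerprint(ssl.PEM_cert_to_DER_cert(PEM_RE.search(device_pem).group(0)))
    rows = []
    for i, pem in enumerate(PEM_RE.findall(bundle_pem)):
        der = ssl.PEM_cert_to_DER_cert(pem)
        rows.append((i, serial_hex(der), fingerprint(der), fingerprint(der) == want))
    return rows

def _der(tag, body):                           # sample helper, bodies under 128 bytes
    return bytes([tag, len(body)]) + body

def fake_cert(serial, filler):
    """Constructed stand-in, not a real certificate: version, serial, filler."""
    tbs = _der(0xA0, _der(0x02, b"\x02")) + _der(0x02, serial) + _der(0x04, filler)
    return ssl.DER_cert_to_PEM_cert(_der(0x30, _der(0x30, tbs)))

OLD = fake_cert(b"\x01", b"old DNS01 key")     # stale entry, same serial as NEW
NEW = fake_cert(b"\x01", b"new DNS01 key")     # current device certificate
PEER = fake_cert(b"\x02\x00\x00\xaa\xbb\xcc", b"peer node")  # different serial

if __name__ == "__main__":
    for row in match_bundle(NEW, OLD + PEER + NEW):
        print(row)
```

Entries that share the device certificate's serial but not its fingerprint are different certificates, which is the case the "old certificate" advice above is concerned with.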