Forum Discussion
Herman2024
Cirrus
Cirruswhy the device certificate verify failed when the device certificate is not expired?
hi, we have some GTM/DNS devices. One of them - DSN01 is shown down, but the error message is shown as below. SSL error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify fa...
lisa52smith
Nimbostratus
NimbostratusThe SSL error you're encountering, despite the device certificate not being expired, could be due to the presence of an old certificate on the other DNS nodes. Here are some steps to troubleshoot and resolve the issue:
Check Trusted Certificates: Verify that the new device certificate is correctly installed on DNS01 and that the old certificate has been removed from the trusted certificates on other DNS nodes KMFusa
Restart Services: Restarting the big3d service on DNS01 and the gtmd service on the local system might help re-establish the iQuery connection.
Update Certificates: Ensure that all DNS nodes have the updated device certificate.
Herman2024Thanks lisa52smith Jeffrey_Granier for your advices. I saw there are multiple certificates in other DNS nodes "Device Trust Certificate" with the same serial number. How to verify and confirm whether one client certificate belong to DNS01? I saw the serial number in some certificate is in the format like mac address, don't know what these certificates are. Please advise, thanks in advance!