search cancel

Unable to update Messaging Gateway

book

Article ID: 163517

calendar_today

Updated On:

Products

Messaging Gateway

Issue/Introduction

Attempts to update the Messaging Gateway software on version 10.5.3 or earlier from both the Control Center GUI and from the command line interface (CLI) are failing:

smgmx> update download
Loaded plugins: downloadonly, fastestmirror, sym_check, sym_output
0 metadata files removed
0 sqlite files removed
0 metadata files removed
http://localhost:8080/products/smsapp/prod3/3rdparty/i386/repodata/repomd.xml: [Errno 4] IOError: <urlopen error (104, 'Connection reset by peer')>
Trying other mirror.
Error: Cannot retrieve repository metadata (repomd.xml) for repository: symrepo_3rdparty. Please verify its path and try again
http://localhost:8080/products/smsapp/prod3/3rdparty/i386/repodata/repomd.xml: [Errno 4] IOError: <urlopen error (104, 'Connection reset by peer')>
Trying other mirror.
Error: Cannot retrieve repository metadata (repomd.xml) for repository: symrepo_3rdparty. Please verify its path and try again
sms-appliance-release-10.5.1-2 is already installed.

 

messages log

2016 Aug  4 18:46:45 (notice) stunnel: LOG5[3633:4155378576]: Service pseudo-https accepted connection from 127.0.0.1:50213
2016 Aug  4 18:46:45 (notice) stunnel: LOG5[3633:4155378576]: connect_blocking: connected 143.127.103.13:443
2016 Aug  4 18:46:45 (notice) stunnel: LOG5[3633:4155378576]: Service pseudo-https connected remote server from 192.168.2.6:61210
2016 Aug  4 18:46:45 (warning) stunnel: LOG4[3633:4155378576]: CERT: Verification error: unable to get local issuer certificate
2016 Aug  4 18:46:45 (warning) stunnel: LOG4[3633:4155378576]: Certificate check failed: depth=0, /C=US/ST=California/L=Mountain View/O=Symantec Corporation/OU=Symantec IT Security/CN=swupdate.brightmail.com
2016 Aug  4 18:46:45 (err) stunnel: LOG3[3633:4155378576]: SSL_connect: 14090086: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
2016 Aug  4 18:46:45 (notice) stunnel: LOG5[3633:4155378576]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket

Cause

Messaging Gateway version 10.5.3 or earler cannot connect to the software update infrastructure due to security certificate changes.

Resolution

SMG 10.6.5 and earlier can no longer communicate with the software update infrastructure due to changes to the TLS certificates and connection security.

This is a known and expected response to the migration of the Symantec infrastructure to SHA2 / SHA256 certificates. SMG systems older than 10.6.6 can no longer be updated either via the normal network upgrade path or using the `update localinstall` command. SMG systems older than 10.6.6 will need to be reinstalled from scratch using the latest available version and reconfigured.