Error: Network error occurred, SSL certificate problem, verify that the CA cert is OK...certificate verify failed (60)...

book

Article ID: 170164

calendar_today

Updated On:

Products

Messaging Gateway

Issue/Introduction

Registration of Messaging Gateway (SMG) with a valid license fails and SMG is unable to download anti-spam rule sets.

conduit_log

(ERROR:16005.3061180096): [12034] Network error occurred, SSL certificate problem, verify that the CA cert is OK. Details:\x0Aerror:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (60), check your network connection settings, check your proxy settings (if applicable), and check to ensure that port 443 (HTTPS) is open through any relevant firewalls.

secure log

(warning) stunnel[3107]: VERIFY ERROR: depth=1, error=self signed certificate in certificate chain: <x509 subjuct definition>
(err) stunnel[3107]: SSL_connect: 14090086: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

Cause

A proxy server or firewall is attempting to do SSL inspection and is is not presenting a trusted certificate to Messaging Gateway

Resolution

Messaging Gateway does not support SSL inspection of encrypted communication between SMG and the Symanec operations center. This includes license registration, probe address provisioning, customer specific rule management, and spam ruleset downloads. Please whitelist or otherwise exempt the internal IP addresses for the Symantec Messaging Gateway (SMG) from SSL inspection on your Proxy/Firewall.