“Error: Invalid Server Certificate” when uploading an OS image from Management Center to ISG

Article ID: 370773

Products

Management Center, Management Center - VA, SSP, SSP-S210 PLATFORM, SSP-S410, SSP-S410 PLATFORM, ISG Content Analysis, ISG Proxy, SSL Visibility Appliance Software

Issue/Introduction

While trying to upload an OS image from Management Center (MC) for an application running on an SSP appliance, also known as ISG, you may encounter the following error:

When loading OS images from the MC or a web server to an ISG, the ISG downloads the file over HTTPS and validates the server certificate. If validation fails, the ISG declines the request with “Error: Invalid Server Certificate”.

In the CLP services log you will see the error message:

May 22 03:49:13 ISG Failed with SSLException: Invalid server certificate: SSLHandshakeException - Received fatal alert: handshake_failure javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure

Cause

The ISG cannot validate the web server or MC certificate.

Resolution

If the MC or remote file server has a self-signed certificate, from the pop-up window above, install the certificate by clicking the “Install Certificate” button.

If the MC or remote file server has a certificate signed by a Root CA, intermediate certificate, or private Root CA, then import the complete certificate chain on the ISG via the ssl CLI command. 

As an example:

configure
ssl

inline ca-certificate RootCA
-----BEGIN CERTIFICATE-----
<certificate contents between tags>
-----END CERTIFICATE-----
<ctrl-d>

inline ca-certificate IntermediateCA
-----BEGIN CERTIFICATE-----
<certificate contents between tags>
-----END CERTIFICATE-----
<ctrl-d>

edit ccl browser-trusted 
add RootCA
add IntermediateCA

exit
exit
exit

See “Management Center Script to import certificates to ISG” for an example script for MC.

Additional Information

If the MC or web server has a self-signed certificate, the ISG cannot validate the certificate.

If the MC or web server certificate is signed by a Root CA or intermediate certificates not already present on the ISG, or by a private Root CA, the complete certificate chain needs to be added to the ISG.
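
The effect of an incomplete trust list can be reproduced offline with OpenSSL. The script below is an added example, not part of the original article or of any Broadcom tooling: it builds a constructed root, intermediate and server certificate (all names, including mc.example.test, are placeholders) and validates the server certificate first against the root alone and then against root plus intermediate. It assumes the server presents only its own certificate and uses OpenSSL's verifier as a stand-in for the ISG's.

```shell
#!/bin/sh
# Added example: constructed root -> intermediate -> server chain, checked with
# OpenSSL as a stand-in for the ISG's validation (assumption, not ISG code).

# issue DIR NAME CN ISSUER EXT: make key + CSR for NAME, sign it with ISSUER's key.
issue() {
  openssl req -new -config "$1/x509.cnf" -newkey rsa:2048 -nodes -subj "/CN=$3" \
    -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null || return 1
  openssl x509 -req -in "$1/$2.csr" -CA "$1/$4.pem" -CAkey "$1/$4.key" \
    -CAcreateserial -extfile "$1/x509.cnf" -extensions "$5" -days 2 \
    -out "$1/$2.pem" 2>/dev/null
}

# build_chain DIR: create throwaway root, intermediate and server certificates.
build_chain() {
  cat > "$1/x509.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = constructed
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_leaf]
basicConstraints = CA:FALSE
EOF
  openssl req -x509 -config "$1/x509.cnf" -extensions v3_ca -newkey rsa:2048 \
    -nodes -subj "/CN=Constructed Root CA" -days 2 \
    -keyout "$1/root.key" -out "$1/root.pem" 2>/dev/null || return 1
  issue "$1" int "Constructed Intermediate CA" root v3_ca || return 1
  issue "$1" leaf "mc.example.test" int v3_leaf
}

# chain_verifies TRUSTFILE CERT: succeed only if CERT chains to a CA in TRUSTFILE.
chain_verifies() {
  openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

work=$(mktemp -d)
build_chain "$work" || { echo "openssl failed" >&2; exit 1; }
cat "$work/root.pem" "$work/int.pem" > "$work/root-and-int.pem"
# Trust list holds only the root: the server certificate's issuer is unknown.
chain_verifies "$work/root.pem" "$work/leaf.pem" \
  && echo "root only: valid" || echo "root only: validation fails"
# Trust list holds root and intermediate, like the RootCA/IntermediateCA import.
chain_verifies "$work/root-and-int.pem" "$work/leaf.pem" \
  && echo "root + intermediate: valid" || echo "root + intermediate: validation fails"
```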