Certificate verification failed
I am unable to access the user Interface on my Director appliance.
I have followed the instructions in KB3288, but I still see problems with my certificate, with this message "Certificate verification failed"
Do the SG, and Directors appliance certificate link to each other, in some way?
When requesting a client certificate from the SGME console, they are unable to do so. Here is an example of the error:
NOTE: The only thing that resolved this issue, after the below steps were followed, was to replace the entire appliance by a RMA. I have documented what other steps we followed here in an effort to show more detail of what steps can be tried, but, in our case, failed.
This particular problem was caused by the Directors orignal "birth Certificate" being corrupted, which was causing the certificate we downloaded from abrca.bluecoat.com to fail *verification*. During manufacturing the key pair is generated and private key is stored in the eeprom and public key is stored in the ABRCA server with serial number. When a certificate fails to verify, it's because of corupt data stored in the eeprom.
At one point ,in our diagnosis below, we replaced the drive, but not the whole appliance. Replacing the drive will not make any difference since the units birth certificate is stored in the box's EEPROM.
1: After following the instructions on the above article, I see this output on my command line interface (CLI) screen.
Below is the error seen:
With this symptom, we will also noticed notice these messages in the logs.
2: Going to http://abrca.bluecoat.com/sign-manual/ and manualy creating the KEY produces the same results.
3: Replacing the Disk drive, via the RMA process, also produces the same result.
4: Bluecoat Customer care was asked to validate the customers serial number, and it all checked out, except the customer name. Once this was fixed, the symptom remained, though.
5: Both Domain Name System ( DNS) has to be configured, as well the the time has to be set correctly. SSL Certificates are time/date dependant, and will fail if not set correctly.
NOTE1: The only relation between a SG cert. and a Director cert. is that they are both signed by our CA named "ABRCA", at abrca.bluecoat.com
NOTE2: 'curl' is a utility that Director uses to pull files, and this case, the certificate, from the
NOTE3: For information on how to update your SSL appliance certificate, see KB3288
NOTE4: A technical buliten has also been published on this. TFA49
Rate this Page
Please take a moment to complete this form to help us better serve you.