Certificate verification failed

<< Back to Knowledge Search



I am unable to access the user Interface on my Director appliance.

I have followed the instructions in 000011223, but I still see problems with my certificate, with this message "Certificate verification failed"  

Do the SG, and Directors appliance certificate link to each other, in some way? 

When requesting a client certificate from the SGME console, they are unable to do so.  Here is an example of the error:

  • director (config) # ssl request-appliance-certificate 
    • Requesting certificate
    • Verifying certificate
    • Certificate verification failed
  • director (config) #

NOTE: The only thing that resolved this issue, after the below steps were followed, was to replace the entire appliance by a RMA.  I have documented what other steps we followed here in an effort to show more detail of what steps can be tried, but, in our case, failed.

This particular problem was caused by the Directors orignal  "birth Certificate" being corrupted, which was causing the certificate  we downloaded from abrca.bluecoat.com to fail *verification*. During manufacturing the key pair is generated and private key is stored in the eeprom and public key is stored in the ABRCA server with serial number. When a certificate fails to verify, it's because of corupt data stored in the eeprom.

At one point ,in our diagnosis below, we replaced the drive, but not the whole appliance.  Replacing the drive will not make any difference since the units birth certificate is stored in the box's EEPROM.

1: After following the instructions on the above article, I see this output on my command line interface (CLI) screen.

Below is the error seen:
director (config) # ssl request-appliance-certificate 
Requesting certificate
Verifying certificate
Certificate verification failed
director (config) #

With this symptom, we will also noticed notice these messages in the logs.


Jun 25 12:56:21 director cli[2673]: <-cli.notice> admin@::ffff: Processing command: 1277488581882555:ssl request-appliance-certificate 
Jun 25 12:56:22 director configd: <configd.notice> Certificate retrieved OK
Jun 25 12:56:27 director configd: <configd.crit> Unable to verify cert. Failed to exec curl
Jun 25 12:56:27 director configd: <configd.crit> get_cert_auto(), cdm_ssl.c:513, build 000000: Error 1 returned, bailing out.



2:  Going to http://abrca.bluecoat.com/sign-manual/ and manualy creating the KEY produces the same results.

3: Replacing the Disk drive, via the RMA process, also produces the same result.

4: Bluecoat Customer care was asked to validate the customers serial number, and it all checked out, except the customer name. Once this was fixed, the symptom remained, though.

5: Both Domain Name System ( DNS) has to be configured, as well the the time has to be set correctly. SSL Certificates are time/date dependant, and will fail if not set correctly.

NOTE1: The only relation between a SG cert. and a Director cert. is that they are both signed by our CA named "ABRCA", at abrca.bluecoat.com

NOTE2: 'curl' is a utility that Director uses to pull files, and this case, the certificate,  from the
SG via the network.

NOTE3:  For information on how to update your SSL appliance certificate, see   000011223

NOTE4: A technical buliten has also been published on this. TFA49

Additional Information
Bug Number
InQuira Doc IdKB4172

Article Feedback

Hide Properties
First Published      10/01/2014
Last Modified      10/01/2014
Last Published      10/01/2014
Article Audience
Product      Director-510
Topic      Configuration / WUI / CLI, Debugging, Director Jobs, Hardware, Installation / Configuration, Networking, Policy Management, SSL / HTTPS
Article Number      000008503
Was this helpful?
Previous MonthNext Month