I have installed a Trap agent and certificate in Red Hat 6 successfully. But when I try to pull a Trap log. The error message occurs, ERROR: 14090086: SSL routines: SSL 3_GET_SERVER_CERTIFICATE: certificate verify failed What could be for this error coming.
Please see step 3 in the document listed at this URL:
Do you know if the 3 certs are trusted on the Linux server in question?
has anyone had luck installing Cortex Agent to Linux Mint 20? I have had no issues running Ubuntu Linux (20.04 LTS), but keep getting the "SSL Exception: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed" error on Mint.
Certificates are installed the same way as on Ubuntu, openssl verification to the server is successful.
Thanks, best regards
s_client will now send the Server Name Indication (SNI) extension by default unless the new "-noservername" option is used. The server name is based on the host provided to the "-connect" option unless overridden by using "-servername".
This works on modern distros (openssl > 1.1.0i) but not in Centos 6 (1.0.1e):
openssl s_client -connect distributions.traps.paloaltonetworks.com:443
CONNECTED(00000003) depth=0 O = Acme Co, CN = Kubernetes Ingress Controller Fake Certificate verify error:num=20:unable to get local issuer certificate ...
In Centos 6 you need to set the TLS SNI with -servername
openssl s_client -servername distributions.traps.paloaltonetworks.com -connect distributions.traps.paloaltonetworks.com:443
CONNECTED(00000003) depth=3 C = US, O = "The Go Daddy Group, Inc.", OU = Go Daddy Class 2 Certification Authority ...
Relevant info to fix this on the server side:
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!