Applies To:

Show Versions Show Versions

sol9467: Error Message: SSL routines: SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Error MessageError Message

Original Publication Date: 12/11/2008
Updated Date: 06/20/2013

BIG-IP systems use SSL certificates for inter-device communication using the iQuery protocol. If device certificates are missing or expired on an F5 device, iQuery communication will fail and the GTM system that is initiating the iQuery connection logs error messages that appear similar to the following to the /var/log/gtm file:

gtmd[8472]: 011ae020:5: Connection in progress to <iquery_peer>
gtmd[8472]: 011ae01c:5: Connection complete to <iquery_peer>. Starting SSL handshake
iqmgmt_ssl_connect: SSL error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

For example, trusted device certificates are stored in /config/big3d/client.crt, which the big3d agent of the local BIG-IP GTM or BIG-IP LTM device uses to authenticate a connection from a remote F5 device.

Trusted server certificates are stored in /config/gtm/server.crt, and are used when the local BIG-IP GTM system authenticates itself to a remote F5 device.

If the trusted device or server certificates are missing or expired on one or more of your F5 systems, refer to the following article:

If you are using third party SSL certificates, refer to the following articles:

Was this resource helpful in solving your issue?

NOTE: Please do not provide personal information.

Incorrect answer. Please try again: Please enter the words to the right: Please enter the numbers you hear:

Additional Comments (optional)