Applies To:

Show Versions Show Versions

sol9467: Error Message: SSL routines: SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Error MessageError Message

Original Publication Date: 12/11/2008
Updated Date: 04/19/2016


BIG-IP systems use SSL certificates for inter-device communication using the iQuery protocol. If device certificates are missing or expired on an F5 device, iQuery communication will fail and the BIG-IP GTM system that is initiating the iQuery connection logs error messages that appear similar to the following example to the /var/log/gtm file:

gtmd[8472]: 011ae020:5: Connection in progress to <iquery_peer>
gtmd[8472]: 011ae01c:5: Connection complete to <iquery_peer>. Starting SSL handshake
iqmgmt_ssl_connect: SSL error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

For example, trusted device certificates are stored in /config/big3d/client.crt, which the big3d agent of the local BIG-IP GTM or BIG-IP LTM device uses to authenticate a connection from a remote F5 device.

Trusted server certificates are stored in /config/gtm/server.crt, and are used when the local BIG-IP GTM system authenticates itself to a remote F5 device.

If the trusted device or server certificates are missing or expired on one or more of your F5 systems, refer to the following article:

If you are using third party SSL certificates, refer to the following articles:

Was this resource helpful in solving your issue?

NOTE: Please do not provide personal information.

Incorrect answer. Please try again: Please enter the words to the right: Please enter the numbers you hear:

Additional Comments (optional)