Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
8025
Views
15
Helpful
4
Replies

updater could not validate the server certificate

Go to solution
jukolev
Level 1
Level 1

‎05-10-2017 06:09 AM

Warning:  The updater could not validate the server certificate. Server certificate not validated - unable to get local issuer certificate

 

Version: 9.7.0-125

4 people had this problem
Labels:
1 Accepted Solution

Accepted Solutions

Go to solution
Libin Varghese
Cisco Employee
Cisco Employee

‎05-10-2017 07:09 AM

Hi,

The error is usually temporary, you can confirm if the updates are working correctly by reviewing the updater_logs.

You can also turn off certificate validation using the command "updateconfig".

CLI: updateconfig, then choose the following

Choose the operation you want to perform:
- SETUP - Edit update configuration.
- VALIDATE_CERTIFICATES - Validate update server certificates
- TRUSTED_CERTIFICATES - Manage trusted certificates for updates
[]> validate_certificates

Should server certificates from Cisco update servers be validated?
[Yes]> no

Then commit the changes using the CLI command "commit".

If updates are working as expected for all scanning engines and if you haven't seen alerts like these multiple times then it can be safely ignored.

As your device (by default) reaches out every 5 minutes for an update, it failed to connect due to the fact that it was having validation issues with our update server and triggered the below alerts message which you may have received.

Thank You!
Libin Varghese

View solution in original post

4 Replies 4

Go to solution
jukolev
Level 1
Level 1

‎05-10-2017 07:08 AM

Now It's OK.

#updateconfig

VALIDATE_CERTIFICATES

yes

10X

Go to solution
Libin Varghese
Cisco Employee
Cisco Employee

‎05-10-2017 07:09 AM

Hi,

The error is usually temporary, you can confirm if the updates are working correctly by reviewing the updater_logs.

You can also turn off certificate validation using the command "updateconfig".

CLI: updateconfig, then choose the following

Choose the operation you want to perform:
- SETUP - Edit update configuration.
- VALIDATE_CERTIFICATES - Validate update server certificates
- TRUSTED_CERTIFICATES - Manage trusted certificates for updates
[]> validate_certificates

Should server certificates from Cisco update servers be validated?
[Yes]> no

Then commit the changes using the CLI command "commit".

If updates are working as expected for all scanning engines and if you haven't seen alerts like these multiple times then it can be safely ignored.

As your device (by default) reaches out every 5 minutes for an update, it failed to connect due to the fact that it was having validation issues with our update server and triggered the below alerts message which you may have received.

Thank You!
Libin Varghese

Go to solution
Kuat Bakenov
Level 1
Level 1
In response to Libin Varghese

‎10-10-2018 04:39 AM

thank bro
0 Helpful

Go to solution
Vitor_Cardoso
Level 1
Level 1
In response to Libin Varghese

‎10-27-2023 12:48 AM

Should I leave this setting as no or is it necessary to turn this VALIDATE_CERTIFICATES setting back on afterwards?

0 Helpful
Customers Also Viewed These Support Documents