cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
8828
Views
15
Helpful
4
Replies

updater could not validate the server certificate

jukolev
Level 1
Level 1

Warning:  The updater could not validate the server certificate. Server certificate not validated - unable to get local issuer certificate

 

Version: 9.7.0-125

1 Accepted Solution

Accepted Solutions

Libin Varghese
Cisco Employee
Cisco Employee

Hi,

The error is usually temporary, you can confirm if the updates are working correctly by reviewing the updater_logs.

You can also turn off certificate validation using the command "updateconfig".

CLI: updateconfig, then choose the following

Choose the operation you want to perform:
- SETUP - Edit update configuration.
- VALIDATE_CERTIFICATES - Validate update server certificates
- TRUSTED_CERTIFICATES - Manage trusted certificates for updates
[]> validate_certificates

Should server certificates from Cisco update servers be validated?
[Yes]> no

Then commit the changes using the CLI command "commit".

If updates are working as expected for all scanning engines and if you haven't seen alerts like these multiple times then it can be safely ignored.

As your device (by default) reaches out every 5 minutes for an update, it failed to connect due to the fact that it was having validation issues with our update server and triggered the below alerts message which you may have received.

Thank You!
Libin Varghese

View solution in original post

4 Replies 4

jukolev
Level 1
Level 1

Now It's OK.

#updateconfig

VALIDATE_CERTIFICATES

yes

10X

Libin Varghese
Cisco Employee
Cisco Employee

Hi,

The error is usually temporary, you can confirm if the updates are working correctly by reviewing the updater_logs.

You can also turn off certificate validation using the command "updateconfig".

CLI: updateconfig, then choose the following

Choose the operation you want to perform:
- SETUP - Edit update configuration.
- VALIDATE_CERTIFICATES - Validate update server certificates
- TRUSTED_CERTIFICATES - Manage trusted certificates for updates
[]> validate_certificates

Should server certificates from Cisco update servers be validated?
[Yes]> no

Then commit the changes using the CLI command "commit".

If updates are working as expected for all scanning engines and if you haven't seen alerts like these multiple times then it can be safely ignored.

As your device (by default) reaches out every 5 minutes for an update, it failed to connect due to the fact that it was having validation issues with our update server and triggered the below alerts message which you may have received.

Thank You!
Libin Varghese

thank bro

Should I leave this setting as no or is it necessary to turn this VALIDATE_CERTIFICATES setting back on afterwards?