Solved: Duo proxy certificate verification failed

amacia · ‎06-08-2020

Hi,

I’ve deployed the Duo proxy in CentOS 7 and I’m getting the error “Exception: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: certificate has expired” when running the connectivity tool.

The debug logs show the error: "[HTTPPageGetter (TLSMemoryBIOProtocol),client] "Certificate verification failed: errno 10 depth=0 subject [(b’C’, b’US’), (b’ST’, b’Michigan’), (b’L’, b’Ann Arbor’), (b’O’, b’Duo Security, Inc.’), (b’CN’, b’.duosecurity.com’)]"*

I’ve recreated the application and double checked the API parameters. It is a brand new deployment.

How can fix this issue?

Regards.

amacia · ‎06-09-2020

Fixed! Just realized that the OS had the wrong date and that’s why it was complaining about certificate expired.

View solution in original post

rofl · ‎06-09-2020

Are you using a SSL inspecting proxy to access the internet? If so you need to add the certificate of the proxy server to the trust store of the DUO auth proxy.

amacia · ‎06-09-2020

Hi Rofl,
No, I’m not using SSL proxy, just direct connectivity through the firewall.
Any ideas?

amacia · ‎06-09-2020

Fixed! Just realized that the OS had the wrong date and that’s why it was complaining about certificate expired.

rofl · ‎06-12-2020

Doh! Well done!
First step of troubleshooting should be to verify the basics (time, DNS, etc).
Have a nice weekend!