cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2585
Views
0
Helpful
4
Replies

Duo proxy certificate verification failed

amacia
Level 1
Level 1

Hi,

I’ve deployed the Duo proxy in CentOS 7 and I’m getting the error “Exception: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: certificate has expired” when running the connectivity tool.

The debug logs show the error: "[HTTPPageGetter (TLSMemoryBIOProtocol),client] "Certificate verification failed: errno 10 depth=0 subject [(b’C’, b’US’), (b’ST’, b’Michigan’), (b’L’, b’Ann Arbor’), (b’O’, b’Duo Security, Inc.’), (b’CN’, b’.duosecurity.com’)]"*

I’ve recreated the application and double checked the API parameters. It is a brand new deployment.

How can fix this issue?

Regards.

1 Accepted Solution

Accepted Solutions

Fixed! Just realized that the OS had the wrong date and that’s why it was complaining about certificate expired.

View solution in original post

4 Replies 4

rofl
Level 1
Level 1

Are you using a SSL inspecting proxy to access the internet? If so you need to add the certificate of the proxy server to the trust store of the DUO auth proxy.

Hi Rofl,
No, I’m not using SSL proxy, just direct connectivity through the firewall.
Any ideas?

Fixed! Just realized that the OS had the wrong date and that’s why it was complaining about certificate expired.

Doh! Well done!
First step of troubleshooting should be to verify the basics (time, DNS, etc).
Have a nice weekend!

Quick Links