Some users may have issues creating a community account See more here.

Linux Agent "curl 60" Certificate Errors [Resolved]

Linux Agent "curl 60" Certificate Errors [Resolved]

Summary

While running an ongoing terminal scan with the SVM Agent for Linux, the latter returns the following:

"error while checking in with server (60) ... connection error"

This error is related to the server SSL certificate which in this case had not yet been imported in the 'trusted certificates list' of the Linux server system. The error message says the following:

"Peer's certificate issuer had been marked as not trusted by the user" 

Symptoms

While running a scan with the Software Vulnerability Manager Agent for Red Hat Linux, the latter returns:

"Error while checking in with server (60)" message and "connection error" known as 'curl 60'.

User-added image

You might see this error in the "sync.log" log file of your RHEL/CentOS SVM server, printed out with the following message:

"There was a problem with the curl request. Error no 60: Peer certificate cannot be authenticated with known CA certificates"

Cause

The error indicates that the 'Certification Authorities' list on the Redhat machine does not include a reference to the SSL certificate which your server instance is using to authorize SSL connections.  

You should copy the public-key copy of your certificate to your Redhat machine and import it to the list of trusted certification authorities (ca-bundle.crt)

Resolution

1. Open Internet Explorer on a Windows host and type in the browser the name of your server (https://).
2. Once connected, click on the lock icon on the right side of the address bar, click 'View Certificates'.
3. Click on Details TAB.
4. Click 'Copy to File' > Next > 'Base-64 encoded x.509 (.CER)' > Next > Save (e.g. rhel7-server-public.CER).

User-added image5. Transfer the.CER file to your Redhat server (e.g. /home/user/temp directory).
6. Run this command to import the certificate in the trusted CA's list:

cat rhel7-server-public.CER >> /etc/pki/tls/certs/ca-bundle.crt

User-added image
After you performed these actions, you should be able to run an error-free scan with the SVM Agent.

Was this article helpful? Yes No
No ratings
Version history
Revision #:
4 of 4
Last update:
‎Sep 25, 2019 05:26 PM
Updated by:
 
Contributors