Error Message: OpenSSL SSL_connect: SSL_ERROR_SYSCALL

Error Message: OpenSSL SSL_connect: SSL_ERROR_SYSCALL

3376
Created On 11/18/20 23:26 PM - Last Modified 07/02/21 20:55 PM


Symptom
  • Trying to install a Device Certificate from Customer Support Portal.
  • After Entering the OTP generated under GUI: Device > Setup > Management  > Device Certificate, the following Error message is seen:

OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to certificate.paloaltonetworks.com:443


 


Environment
  • Palo Alto 3050 Firewall.
  • PAN-OS 9.1 and above.
  • Using an inband interface for management access to Palo Alto Network services


Cause
Traffic getting blocked due to missing security policy. Using an inband interface to obtain the device certificate from the CSP (Customer Support Portal ) requires a security policy to allow the traffic.

Resolution
When using an inband interface (instead of the Management port) to connect to the Customer Support Portal to obtain the device certificate. Ensure the "Security Policy" is set to allow the traffic.
  1. Select GUI: Policies > Security and "Add"  a new rule.
  2. For the application make sure to add "paloalto-shared services"
  3. Commit

 


Attachments
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000HBgsCAG&lang=en_US%E2%80%A9&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Attachments
Choose Language