"Internet communication error: Peer certificate cannot be authenticated with given CA certificates or "Unable to connect to data source
with the supplied credentials, or no credentials provided."
Last Modified Date: 08 Jun 2022 Issue
When refreshing an extract or loading a view which is using a Google data source, the following errors may occur:
Environment
Resolution
Please consult with your internal IT team, before carry out the following steps to install the GS Root R2 certificate:
If installing the above root certificate does not resolve the issue, please carry out the following steps to install the subordinate CA for GS Root R2
- GTS GIAG3: Cause
This error may occur because Google has changed their SSL certificates. In some cases, the trust chain is defined differently from their previous certificate.
- Last updated
- Save as PDF
Views:245Visibility:PublicVotes:0Category:ontap-9Specialty:coreLast Updated:
Issue
ONTAP provides support for HTTPS and FTPs for various commands. While attempting to use an HTTPS or FTPs server, the following error might be seen:
cluster1::*> system node image get -node cluster1-01 -package //example.com/Firmware/SP_FW.zip
Install Failed.
Failed to download package from //.../SP_FW.zip. Error: Peer certificate cannot be authenticated with given CA certificates
13924
Created On 05/16/19 03:25 AM - Last Modified 01/16/21 04:03 AM
Symptom
- When creating the certificate profile and using it in one of the features on the firewall, error on system logs:
- Packet capture displays "Unknown CA" after the exchanging of the server certificate packet
Environment
- PAN-OS 9.0
- Palo Alto Firewalls.
- Certificates Configured
Cause
Incorrect Certificate in the certificate Chain causes this error. Either the Root or the Intermediate certificate is not matching correctly.
Resolution
- Check the certificate being used:
Capture the certificate being sent by the "Server" and compare it with the stored certificate on the "Firewall". The server certificate can be found by doing packet capture and navigating to the server key exchange packet.
(Secure Sockets layer > TLS Record layer > Handshake protocol > certificate)
- If cert is incorrect or missing, then download the missing certificate:
- If needed, the Certificate can be downloaded from the Wireshark packet capture of "Server". Use the context menu (right-click) and save the raw data of the certificate with Export Packet Bytes into a file
- With OpenSSL, run openssl x509 -inform der -in cert.der -text to view the certificate
- With OpenSSL, run openssl x509 -inform der -in cert.der -outform pem -out cert.crt to convert cert into PEM format
- Then upload the PEM file to the firewall. Use the new certificate in the certificate profile for the firewall.
- Commit the changes to the Firewall. Now the issue should be resolved.
Attachments