Problem
The master server is unable to connect to a newly upgraded media server. Running the bptestbpcd command to check communication reports a certificate error:
Msg: sslv3 alert bad certificate
A SSL socket connect failed
Error Message
A test of the connection to NetBackup Web Services is successful from the media server:
nbcertcmd -ping
Fetched data = 1580933415791.
==========================
However running the command "bptestbpcd -client media01 -verbose" from the master server to the media server to test connectivity shows:
14:09:14.715 [30860] <16> bptestbpcd main: A SSL socket connect failed
<2>bptestbpcd: A SSL socket connect failed
14:09:14.715 [30860] <2> bptestbpcd: A SSL socket connect failed
<2>bptestbpcd: EXIT status = 7625
14:09:14.715 [30860] <2> bptestbpcd: EXIT status = 7625
<16>bptestbpcd main: A SSL connect failed. Status: x Msg: sslv3 alert bad certificate
: 7625
14:09:14.722 [30860] <16> bptestbpcd main: A SSL connect failed. Status: 1 Msg: sslv3 alert bad certificate : 7625
A SSL socket connect failed
# bpclntcmd -pn -verbose A SSL connect failed. Status: x Msg: sslv3 alert certificate expired
Cause
The error message "sslv3 alert bad certificate" is due to a mismatch of the operating system clock of the Master server versus the Media server or client
Check the time difference of the Master Server, Media Server and/or Client by running (example):
nbcertcmd -checkclockskew
The current host clock is behind the master server by 18835 second(s).
In this example, the time difference from the Master server to the media server is about 314 minutes.
Solution
Sync the Clocks of the Master server and Media Server or clients.
If the hosts are synced using the Network Time Protocol (NTP), check the connectivity with the NTP server to ensure it is reachable.
Once the clocks are synced please re-check the connection to the media server or client again with the bptestbpcd command. It should now be successful.
Was this content helpful?
Translated Content
Please note that this document is a translation from English, and may have been machine-translated. It is possible that updates have been made to the original version after this document was translated and published. Veritas does not guarantee the accuracy regarding the completeness of the translation. You may also refer to the English Version of this knowledge base article for up-to-date information.