SUSE Support

Here When You Need Us

Registration in SUSE Manager is aborted with SSL/certificate error.

This document (7018600) is provided subject to the disclaimer at the end of this document.


SUSE Manager 3
SUSE Manager 2.1
SUSE Manager 1.7


When trying to register a client to SUSE Manager, the registration process is interrupted with an error similar to this one:

Retrieving repository 'repo_name'
Download (curl) error for '':
Error code: Unrecognized error
Error message: SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Abort, retry, ignore? [a/r/i/?] (a):

This is likely to happen in an older, unsupported (or supported by LTSS) version of SLES, for instance, SLES 11 SP3 or older. It can also happen in newer (even supported) versions, after a migration from SUSE Manager 2.1 to 3.0.


Specially in the case of a migration, please make sure the bootstrap script has all the latest changes. If unsure, the easiest way to do it is by fully patching the SUSE Manager server and regenerating it, with (parameters can differ, depending on the needs):


Then, the script should be edited, doing the usual changes:

#exit 1


But this time, also the following lines should be changed to look like this:


Should the following lines exist, they need to be commented (although updating the bootstrap script should have deleted them, so the following step wouldn't normally be needed ):

#echo "* removing TLS certificate used for bootstrap"
#echo "  (will be re-added via salt state)"

Additionally, and specially in the case of old unsupported releases, the following packages should be updated:



The current bootstrap script has a section to remove the certificate and instead allow it to be salt maintained.
While this is a nice thought, right now it causes the issue described for traditional clients.

Outdated versions of openssl can also cause this SSL certificate error. Unless a newer version of openssl is installed, the problem cannot be bypassed.

Additional Information

Having a working SUSE Manager environment, the latest up to date versions for openssl packages can be easily fetched through the web-UI and copied to the SUSE Manager web server, in any subdirectory under the /srv/www/htdocs/pub/ tree. The "updates" channels should be used, or even better (if available), the "LTSS updates" channels. Any method that suits the environment best can be used (for example wget or scp) in order to copy the packages from the SUSE Manager Server to the affected client(s).

Regarding the openssl versions, similar errors are known to happen with SMT (Subscription Management Tool) or direct registration through suse_register. The solution is the same, however the way to get the updates can differ.


This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:7018600
  • Creation Date: 08-Feb-2017
  • Modified Date:03-Mar-2020
    • SUSE Manager

< Back to Support Search

For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback[at]

SUSE Support Forums

Get your questions answered by experienced Sys Ops or interact with other SUSE community experts.

Support Resources

Learn how to get the most from the technical support you receive with your SUSE Subscription, Premium Support, Academic Program, or Partner Program.

Open an Incident

Open an incident with SUSE Technical Support, manage your subscriptions, download patches, or manage user access.