Duo proxy certificate verification failed


I’ve deployed the Duo proxy in CentOS 7 and I’m getting the error “Exception: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: certificate has expired” when running the connectivity tool.

The debug logs show the error: "[HTTPPageGetter (TLSMemoryBIOProtocol),client] "Certificate verification failed: errno 10 depth=0 subject [(b’C’, b’US’), (b’ST’, b’Michigan’), (b’L’, b’Ann Arbor’), (b’O’, b’Duo Security, Inc.’), (b’CN’, b’.duosecurity.com’)]"*

I’ve recreated the application and double checked the API parameters. It is a brand new deployment.

How can fix this issue?


Are you using a SSL inspecting proxy to access the internet? If so you need to add the certificate of the proxy server to the trust store of the DUO auth proxy.

Hi Rofl,
No, I’m not using SSL proxy, just direct connectivity through the firewall.
Any ideas?

Fixed! Just realized that the OS had the wrong date :frowning: and that’s why it was complaining about certificate expired.

Doh! :slight_smile: Well done!
First step of troubleshooting should be to verify the basics (time, DNS, etc).
Have a nice weekend!