Certificate Errors after installing WebUI

I’m running BigFix 9.5.6, and I get the following errors after I installed the WebUI component:

Mon, 27 Nov 2017 15:59:37 -0500 - 639616768 - 6: GetURL failure on https://sync.bigfix.com/cgi-bin/bfgather/besinventory?Time=1511816376: HTTP Error 60: Peer certificate cannot be authenticated with given CA certificates: SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
Mon, 27 Nov 2017 15:59:40 -0500 - 639616768 - 8: GetURL failure on https://sync.bigfix.com/cgi-bin/bfgather/patchingsupport?Time=1511816379: HTTP Error 60: Peer certificate cannot be authenticated with given CA certificates: SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
Mon, 27 Nov 2017 15:59:43 -0500 - 639616768 - 9: GetURL failure on https://sync.bigfix.com/cgi-bin/bfgather/serverautomation?Time=1511816382: HTTP Error 60: Peer certificate cannot be authenticated with given CA certificates: SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
Mon, 27 Nov 2017 15:59:46 -0500 - 639616768 - 4: GetURL failure on https://sync.bigfix.com/cgi-bin/bfgather/bigfixlabs?Time=1511816385: HTTP Error 60: Peer certificate cannot be authenticated with given CA certificates: SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
Mon, 27 Nov 2017 15:59:49 -0500 - 639616768 - 5: GetURL failure on https://sync.bigfix.com/cgi-bin/bfgather/advancedpatching?Time=1511816388: HTTP Error 60: Peer certificate cannot be authenticated with given CA certificates: SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
Mon, 27 Nov 2017 16:04:02 -0500 - 639616768 - 1: GetURL failure on https://sync.bigfix.com/cgi-bin/bfgather/webui-common?Time=1511816641: HTTP Error 60: Peer certificate cannot be authenticated with given CA certificates: SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
Mon, 27 Nov 2017 16:04:04 -0500 - 639616768 - 12: GetURL failure on https://sync.bigfix.com/cgi-bin/bfgather/webui-appadmin?Time=1511816644: HTTP Error 60: Peer certificate cannot be authenticated with given CA certificates: SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
Mon, 27 Nov 2017 16:04:07 -0500 - 639616768 - 13: GetURL failure on https://sync.bigfix.com/cgi-bin/bfgather/webui-custom?Time=1511816647: HTTP Error 60: Peer certificate cannot be authenticated with given CA certificates: SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed

Any help would be greatly appreciated.

Hmmmm… your log output shows some webui sites having gathering problems (webui common, webui custom, webui-appadmin), but it’s also showing a bunch of gather url failures for normal bigfix sites too (bes inventory, patching support, server automation)…

This thread seems to have a very similar issue that you’re describing. It seems like a general SSL config thing: HTTP / SSL Errors with prefetch statement downloads

It is working now after I disabled the _BESGather_Use_Https flag. The issue I now have is that this is working in my Development environment with _BESGather_Use_Https set to 1, but not in my Production environment.

Do you have anything like an HTTPS inspecting firewall/proxy that may be rewriting the server certificates? From a browser on the production environment, try connecting to the gather URLs and see who the Certificate Issuer appears to be.

(Unlikely, given this started after installing WebUI, but still an easy thing to check)