LicenseUpdater (2608) - HTTPS failure

Started getting these in the BESRelay.log starting Saturday. Looks like one per hour. Anyone else?

Sat, 29 Feb 2020 04:31:51 -0500 - LicenseUpdater (2608) - HTTPS failure on {}; Message {HTTP Error 60: Peer certificate cannot be authenticated with given CA certificates: SSL certificate verification failed}; retrying using HTTP

Wed, 04 Mar 2020 13:04:09 -0500 - LicenseUpdater (2608) - HTTPS failure on {}; Message {HTTP Error 60: Peer certificate cannot be authenticated with given CA certificates: SSL certificate verification failed}; retrying using HTTP

Maybe this means my support ended…

I’m also seeing these entries in the BigFix server’s BESRelay.log file. I wonder if a certificate has expired?

Same here in BESRelay.log after upgrading BES v9.5.6.63 to the latest v9.5.14.73 (on Linux with ILMT and DB2 10.5).

Started immediately after upgrade: Tue, 03 Mar 2020 14:41:34 +0100 - LicenseUpdater (3725821696) - HTTPS failure on …

Found a possible solution and replaced an old ca-bundle.crt from Oct, 2015. in /opt/BESServer/Reference/ca-bundle.crt with a fresh one from Jan, 2020. but it didn’t help even after a reboot.

Does anybody know how to set the path to the downloaded set of trusted certificates for a _BESGather_CACert keyword? Maybe in:

BESClient/besclient.config or BESServer/besserver.config ? But, what is a correct syntax? :frowning:


Hey all,

What is going on is that we finally upgraded the certificate on the license server and fixed a problem that we had before. The old certificate for actually still had the old name in the CommonName and we had to workaround that and put special check in place for that name. So now that we actually got a proper certificate the check is failing and you get that error. Don’t worry though there is a fix before we actually fix this in the product itself:

There is a hidden client settings that you can put on the server

_BESGather_LicenseCertificateCommonName =

This way when we check the CN in the certificate the check will be successful and you will not get those errors.


Thank you for the response. If we do nothing, does this self correct or will that only happen during a future upgrade; leaving us to implement the workaround you mentioned?

This is a problem that can be fixed only with a future upgrade of BigFix Server so in the meantime you have to set that client settings.

Ok… I’ve set the Property on my BES and restarted both the Gather and Root service. I should know in an hour if it worked.

The BES Server on startup does the check and then it does every hour, so if you didn’t see that error on Server startup you already know that is working. Plus you can ask for a LicenseUpdate check from the License Dashboard in the Console.

1 Like

I figured as much…but thanks for the confirmation. I think I’m good then (but I’m still going to look in an hour :kissing_heart:

Could you please send us the line and in which config file you put it :slight_smile:

You would open the Console as MO. You would locate your BES and right-click on it, and choose Edit Computer Settings and click Add. You would then add _BESGather_LicenseCertificateCommonName as the Setting Name and as the Setting Value.

End result should look like this:



Thanks a lot! I did that, and hope it would work :slight_smile:

FYI - Solved - no more HTTPS failures 2 hrs later :slight_smile:

Hello Lukasz,
I apologize for the internal communication issue we had.
Support team is now aware of that and we are going to publish a document, that will be available to HCL teams and to customers, containing the explanation of the error and how to recover from it.
I will post the document external link, as soon as it is available.

The positive is that it is vital that this forum remains active as it has been. I come here everyday and post or look for information before going to Support. This is the best forum I’ve ever been on in both content, people, contribution, and functionality of the forum itself.


Hi Emiliano

We have over 100 BF servers in our infrastructure and it’s gona take a while to implement changes on all of them due to a change process we need to follow.
How does this error is impacting us, eg. Is content in external sites updated because of that error, or it’s just inflicting licence update only ?

Hear Hear.

This forum is a shining beacon.

And good spot on the errors and getting the fault acknowledged and the workaround published.

1 Like

Confirmed the change worked for me as well. This should probably be sticky so everyone finds it.


to solve the issue, it is just needed to add the Client Setting

_BESGather_LicenseCertificateCommonName =

on your BigFix Server and you can do that just selecting ‘Edit Computer Settings’ > ‘Add’ from Console as MO on the computer.
It is not needed to add the above setting on other systems, but just on the system where you installed BigFix Server.
The error, then, only affects the ability to check for license updates, it doesn’t affect site gathering.