Pivotal Knowledge Base


gpload Error: "SSL3_GET_SERVER_CERTIFICATE:certificate verify failed"


  • Pivotal Greenplum Database (GPDB) 4.3.x
  • Operating System- Red Hat Enterprise Linux (RHEL) 6.x


When running gpload with gpfdists protocol, it fails and gives an error.

Error Message:

[gpadmin@mdw ~]$ gpload -f /tmp/gpload.yaml 
2016-12-05 16:56:20|INFO|gpload session started 2016-12-05 16:56:20
2016-12-05 16:56:20|INFO|started gpfdist --ssl /data/master/gpseg-1 -p 10008 -P 10009 -f "/tmp/gploadtest.txt" -t 30 -m 268435456
2016-12-05 16:56:24|ERROR|ERROR: connection with gpfdist failed for gpfdists://mdw:10008//tmp/gploadtest.txt. effective url: https://mdw:10008//tmp/gploadtest.txt. (seg12 slice1 sdw2:1029 pid=96784)
DETAIL: SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed 


The certificates are valid. However, they were generated on a server on which the time is set to about 20 minutes ahead of ETL servers running gpload.

So the error will be hit if the certificates are used immediately on ETL servers after being generated as the machine time was not in the valid period of certificates.

ETL node4 Date and Time (Where server certs are installed):

root@etl4 ~ $ date

Thu Dec  8 16:29:29 PST 2016

CA Authority Server Date and Time (From where certs are generated):

root@x000:~# date

Thu Dec  8 16:50:57 PST 2016

Valid period of certificates:


            Not Before: Dec  8 03:49:09 2016 GMT

            Not After : Nov 14 03:49:09 2116 GMT


Synchronize time on the server for generating a certificate and all the servers on GPDB cluster. Better to synchronize with the NPT servers.

For the example given in this article, do another try in about 20 minutes after generation of certificates. The gpload command can complete successfully.


Powered by Zendesk