Skip to main content
Skip table of contents

Troubleshooting: Error 37 during Onboarding of an IGEL OS12 Device

During the onboarding with the IGEL Onboarding Service or with the one-time password method, you get the following error message: "Could not manage your device because of an internal error (<37>)". Error 37 indicates that the device was unable to get the CA certificates from the Universal Management Suite (UMS) Server(s). 

Problem

Possible causes for error 37 may be:

  •  NO HTTPS connection to the UMS Server
    Getting the CA certificates from the UMS Server is the first step of the onboarding process, so the error 37 can indicate that the device is unable to establish a HTTPS connection to the UMS Server. This can be caused by the network environment configuration, like a firewall or TLS inspection.

  • CA certificates cannot be verified due to an incomplete CA chain
    The downloaded CA certificates are verified by the device, so the error 37 can occur if the downloaded CA certificates cannot be verified by IGEL OS. This can be caused by an incomplete chain of CA certificates, for example, a missing certificate of the root CA.

Solution

No HTTPS Connection to the UMS Server

To diagnose network issues, use the curl command, the standard HTTP(s) tool included in IGEL OS 12/OS 11 and other Linux OS. Execute the following command to download CA certificates from the UMS Server:

CODE 
curl --tlsv1.3 --insecure https://<YOUR_UMS_ADDRESS>:<PORT>/device-connector/device/.well-known/est/cacerts

If the command fails to download CA certificates, you potentially have a networking or firewall problem. Try to adjust firewall settings or TLS inspection to allow the necessary HTTPS connections.

CA Certificates Cannot Be Verified Due to an Incomplete CA Chain

To solve this, import the complete CA chain as it described in IGEL Cloud Gateway (ICG) > ICG ManualInstallation and Setup > Providing the Certificates > Installing an Existing Certificate Chain.

If the missing certificate belongs to a public CA, try to update to IGEL OS 12.3.0. or above. These IGEL OS versions can automatically complete the CA chain with the required issuer certificates from the repository of public CA certificates contained in IGEL OS 12.


JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close