<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content

Okta Access Gateway Upgrade Fails With "SSL_ERROR_SYSCALL" Error

Access Gateway
Okta Classic Engine
Okta Identity Engine

Overview

An Okta Access Gateway (OAG) upgrade or package installation fails with a Secure Sockets Layer (SSL) connect error because firewall rules block Hypertext Transfer Protocol Secure (HTTPS) connectivity to the repository. Configuring the firewall rules to allow the connection resolves the issue. When attempting to install a package or update the appliance, the following error occurs: 

 

Errors during downloading metadata for repository 'oagProdDrivers':
- Curl error (35): SSL connect error for https://yum.oag.okta.com/prod/Drivers /8/x86_64/repodata/repomd.xml [OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connect ion to yum.oag.okta.com:443 ]
Error: Failed to download metadata for repo 'oagProdDrivers': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried

 

Connectivity tests for yum.oag.okta.com on port 443 show no issues.

Applies To

  • Okta Identity Engine (OIE)
  • Okta Classic Engine
  • Okta Access Gateway (OAG)
  • Upgrades and Package Installations

Cause

Firewall rules block HTTPS connectivity to yum.oag.okta.com.

 

NOTE: The Okta Access Gateway yum repository has no allowlist to enable connectivity to a specific appliance. Connectivity tests only check if the host listens on a specific port and do not perform a Transport Layer Security (TLS) handshake. Curl tests verify the actual result from the TLS handshake.

Solution

How is the SSL connect error resolved during an upgrade?

Configure the firewall rules to allow the appliance to connect to the repository over TCP and HTTPS.

 

Related References

Loading
Okta Support - Okta Access Gateway Upgrade Fails With "SSL_ERROR_SYSCALL" Error