[CSO] PHC error 'jdm phone-home: phcd_contact_phs: curl_easy_perform() failed: SSL peer certificate or SSH remote key was not OK'



Article ID: KB36179 | KB Last Updated: 22 Aug 2020 | Version: 1.0

This article describes a failure observed when an NFX250 tries to communicate with the phone-home server.

While performing ZTP of an NFX250 site through CSO, the PHC (phone-home client) failed with the following message:

jdm phone-home: phcd_contact_phs: curl_easy_perform() failed: SSL peer certificate or SSH remote key was not OK

The configuration below was in place for PHC to work:

set system phone-home server
set system phone-home ca-certification-file /var/phone-home/phcd-ca.crt
set system phone-home upgrade-image-before-configuration

Ping to the centralmsvm hostname was working:

jdm:/var/log# ping
PING ( 56(84) bytes of data.
64 bytes from ( icmp_seq=1 ttl=64 time=0.265 ms
64 bytes from ( icmp_seq=2 ttl=64 time=0.227 ms
64 bytes from ( icmp_seq=3 ttl=64 time=0.273 ms
64 bytes from ( icmp_seq=4 ttl=64 time=0.262 ms
64 bytes from ( icmp_seq=5 ttl=64 time=0.272 ms

Because a certificate error was reported, the MD5 checksum of the certificate on the NFX was compared with that of the certificate on the msvm, and the two matched:

root@centralmsvm:/etc/pki/tls/certs# ls -ltr ssl_cert.crt
-rw-r--r-- 1 root root 1338 Oct 31  2019 ssl_cert.crt

jdm:/var/phone-home# ls -ltr 
-rwxrwxrwx 1 root root 1338 Jul 21 00:17 phcd-ca.crt

A 'wget' was then attempted against the centralmsvm hostname configured in the PHC configuration of the NFX JDM, '':

It returned the name below:

jdm:/var/log# wget
Resolving (
Connecting to (||:443... connected.
ERROR: cannot verify's certificate, issued by '/C=US/ST=CA/O=Juniper Networks/L=Sunnyvale/':
  Self-signed certificate encountered.
    ERROR: certificate common name '' doesn't match requested host name ''..

The error message above shows that the issue is due to a mismatch between the hostname in the PHC configuration and the actual hostname configured on the msvm server.

The PHC configuration in the NFX JDM was corrected by changing the hostname to '', and the issue was resolved.
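
An added example (not from the original article and not Juniper tooling): a shell check that compares the hostname used for the phone-home server with the CN of the certificate file, which reports the kind of mismatch described above before ZTP is attempted. It assumes openssl is available where the certificate is checked; the function names and sample hostnames are hypothetical, and it covers only the CN comparison shown in the wget error, not subjectAltName entries.

```shell
#!/bin/sh
# Added example. Hostnames and subjects used with it are constructed values.

# Print the CN from one line of
#   openssl x509 -noout -subject -nameopt RFC2253
# e.g. "subject=CN=phs.example.net,L=Sunnyvale,O=Example,ST=CA,C=US".
cert_cn() {
    printf '%s\n' "$1" | sed 's/^subject= *//' | tr ',' '\n' |
        sed -n 's/^ *[Cc][Nn]=//p' | head -n 1
}

# Return 0 if host matches cn. Comparison is case-insensitive; a CN of the
# form "*.domain" covers exactly one leftmost label.
host_matches_cn() {
    _h=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    _c=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    [ -n "$_h" ] && [ -n "$_c" ] || return 1
    case "$_c" in
        '*.'*)
            _suffix=${_c#\*}                     # ".domain"
            _label=${_h%"$_suffix"}              # what precedes the suffix
            [ "$_label" = "$_h" ] && return 1    # suffix not present
            [ -z "$_label" ] && return 1         # no leftmost label
            case "$_label" in *.*) return 1 ;; esac
            return 0 ;;
        *)  [ "$_h" = "$_c" ] ;;
    esac
}

# usage: check_phc_cert <certificate file> <phone-home server hostname>
# Returns 0 on match, 1 on mismatch, 2 if openssl cannot read the file.
check_phc_cert() {
    _subject=$(openssl x509 -in "$1" -noout -subject -nameopt RFC2253) || return 2
    _cn=$(cert_cn "$_subject")
    if host_matches_cn "$2" "$_cn"; then
        echo "OK: '$2' matches certificate CN '$_cn'"
    else
        echo "MISMATCH: configured '$2', certificate CN '$_cn'"
        return 1
    fi
}

# Run only when called with both arguments.
if [ "$#" -eq 2 ]; then
    check_phc_cert "$1" "$2"
fi
```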
