Error message SSL negotiation with license manager server has failed

Error message SSL negotiation with license manager server has failed.

Last Updated: 5/11/2018 8456 Views 35 Users found this article helpful


Older firmware versions are not able to contact to the new HTTPS License server due to an updated certificate on our backend.
The new certificate is a 2048 bit certificate and uses a secure Verisign certificate. (new IP


Resolution A

  • Upgrade at least to the latest General Release (i.e.,,

Resolution B (workaround) in the case you prefer not upgrading the firmware:

CAUTION: This workaround may not work. The firmware upgrade is always the suggested solution to this issue as there might be certificate or TLS incompatibilities with old firmware versions.

Step 1: Create a DNS entry on your internal DNS server to resolve to the OLD License manager IP

Screenshot below shows an example server (DNS Server) which has an entry for
It resolves to the old IP (old SonicWall Licenseserver which accepts old root certificates from old firmware versions)

Step 2: Put the internal DNS as the first choice in the firewall Network | DNS | Settings .
Let’s say the internal DNS server is, then put in the first field (first choice)

Step 3: Import the certificate from the webpage.
You can use, for example, Firefox to download the certificate. If this does not work, you can also carry out the following steps to import the certificate.

  1. Navigate to the System | Certificates page.
  2. Under Additional CA Certificates, import the SonicWall Firewall DPI-SSL root certificate.

TIP: The certificate can be obtained by copy-pasting the following PEM encoded text into a text editor and saving it as SonicWallFirewallDPI-SSL.pem (with .pem extension).



the certificate can be exported by accessing Https:// from any Internet browser, here is an example on exporting the SonicWall Firewall DPI-SSL certificate using the latest FireFox browser.

How to Test:

  1. First test is to check if the SonicWall resolves to the old licensemanager ip.
    Go to System | Diagnostic and then check if the name resolves to, and check if the first (the internal DNS) is being used.
  2. Then go to System | Certificate and check if you see the new imported certificate

    3a) Go the System | Registration and click on Registration . If you are redirected to a Login Page then the workaround works
    Login with your credentials with your Username and Password
    (the same Password which you use for your account)


3b) You can also go to System | Licenses | License renew (below the Synchronize button). If you click on this link, then it redirects you as well to the mySonicWall account . You should see here a Login Page as well

Liquid Layer Networks

Powered by:

HostCheetah Networks
Global Web Hosting, Domain Registration and Internet Services |