topic Re: FMC - SNORT updates failing - Peer certificate cannot be authentic in Network Security

FMC - SNORT updates failing - Peer certificate cannot be authenticated

JLCrabtree — Wed, 25 Jan 2023 19:26:39 GMT

We couldn't get SNORT updates, the error was Peer certificate cannot be authenticated with known CA certificates

I connected via ssh, opened an expert shell and started checking log files and I found a lot of this

curl: (60) SSL certificate problem: unable to get local issuer certificate

/var/log/schedule_tasks.log

This lead me to add the Identrust root CA and HydrantID intermediate CA certificate PEM files to

/etc/sf/keys/fireamp/thawte_roots

then run

sudo c_rehash /etc/sf/keys/fireamp/thawte_roots

to process them in correctly. This resolved the curl error above allowing the FMC to download SNORT updates.

Edit: You need these specific certs

HydrantID Server CA O1
IdenTrust Commercial Root CA 1

Re: FMC - SNORT updates failing - Peer certificate cannot be authentic

JLCrabtree — Wed, 25 Jan 2023 19:17:48 GMT

Initial post IS the solution

Re: FMC - SNORT updates failing - Peer certificate cannot be authentic

sina.naser — Mon, 29 May 2023 10:33:02 GMT

How do I find these certificates?

Re: FMC - SNORT updates failing - Peer certificate cannot be authentic

sv7 — Fri, 17 Nov 2023 05:11:31 GMT

Is there impact or need any maintenance window to do these changes ?.

Re: FMC - SNORT updates failing - Peer certificate cannot be authentic

Barrett Cowan — Wed, 29 Nov 2023 03:21:33 GMT

This may not be solved for some. Here's the bug https://quickview.cloudapps.cisco.com/quickview/bug/CSCvm03931. Even though your version may not be listed, the fix is updating to the latest recommended version.