04-03-2020 07:55 AM
Hi, we are getting the following error messages: The certificate used by the appliance to communicate with the SDR service was invalid or expired. Make sure that the appliance is able to fetch a valid certificate from the updater server. Anyone knows how to solve it? We are running latest GD AsyncOS 13.x.
04-04-2020 08:28 AM - edited 04-04-2020 08:29 AM
Hello Jernej,
Firstly, make sure that your feature keys for SDR are not expired.
Then make sure that the Update setting is set to Cisco IronPort Update Servers.
[Security Services -->Service Updates --> Edit Update Settings]
Please find attached the screenshot.
Once the above settings are in place, perform the command "updatenow force" in the CLI and monitor the ESA appliance.
I hope the above steps help!
Cheers,
Pratham
04-05-2020 05:45 AM
Hi Pratham,
which licence is needed to SDR? I can't find any referal in licensing guide or CCW for SDR licensing?
Settings were already set as you described. All other services were updated successfuly.
Telnet to v2.sds.cisco.com:443 also works.
The reports stoped coming yesterday morning. I'm still not 100% if that is related to changing parameter "Do you want to verify server certificate?" from Y to N on sdrconfig CLI command I've did yesterday. Still testing - putting it back to Y.
I've also run
# sdrupdate force
Requesting forced update of SDR client package
# sdrstatus
Component Version Last Updated
SDR Client 1.0 Never updated
Regards
04-06-2020 03:42 AM
04-06-2020 06:38 AM
04-06-2020 03:23 PM
Hi, I was unable to reproduce problem. SDR works flawlessly and we are not getting any error messages. Really strange.
I've cheched the SSL inspection in the first place: it was turned off from the beginning.
I'll check the URL filtering certificates if the problem would reappear.
Thank you both.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide