1245 Views · 1 Helpful · 12 Replies

Can't update anything via proxy in Cisco FMC

sina.naser
Level 1

Hi everyone

Due to our organization's policies, we update our servers through an HTTP proxy.

We have a Cisco FMC (VM, version 7.0.5) and want to run system, VDB and Snort updates through the proxy. The proxy server connection is OK, but when I hit download, after a few minutes I get this error: "Peer certificate cannot be authenticated with known CA certificates".

What am I supposed to do in this case?

I appreciate any help

Thanks in advance

12 Replies

@sina.naser are you doing SSL decryption on the proxy? If so, perhaps add an exclusion for the FMC, or add the proxy root cert to the FMC as a trusted certificate.

Thanks for your reply. No SSL decryption. It's a simple MikroTik proxy.

This is a forced task that was assigned to me. Do you have any other idea?

Thanks

If you face an issue with SSL inspection, then why not make this traffic bypass SSL inspection?

I fastpath the traffic to the proxy via a prefilter, so there is no SSL inspection in the FTD. I saw this message reported as a bug in previous versions, but this FMC is updated to the latest suggested version.

What Firepower platform do you have?

FPR 2110 running FTD 7.0.5

clear conn address <<- clear the traffic in FPR and check again.

If you are using a MikroTik proxy server and encountering the "Peer certificate cannot be authenticated with known CA certificates" error while trying to update your Cisco FMC (Firepower Management Center) through the HTTP proxy, the issue is likely related to SSL certificate verification.

Can you also check the proxy server logs? Examine the logs on your MikroTik proxy server to identify any errors or issues related to the SSL handshake or certificate verification. The logs may provide valuable information and help resolve the FMC issue.

Please do not forget to rate.
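The two suggestions in the replies above (add the proxy's root certificate to the FMC as a trusted certificate, or look for certificate-verification errors on the proxy side) come down to one check: can the client build a chain from the certificate it was shown to a root it already trusts? The script below is an added example, not code from the thread, from Cisco or from MikroTik. It creates a throwaway root CA and a server certificate signed by it, then runs the same chain validation a TLS client performs, first with no trust anchor for the issuer (the failure class reported in the question) and then with the root added. The CA name, the hostname `updates.example.invalid` and the file names are assumptions for the demo; only the `openssl` command-line tool is required.

```shell
#!/bin/sh
# Added example (not from the thread): reproduce the class of failure behind
# "Peer certificate cannot be authenticated with known CA certificates" with a
# throwaway PKI, then show the fix suggested above (trusting the issuing root).
# Everything here is constructed locally; the CA name, hostname and directory
# are assumptions for the demo, not anything taken from the FMC or the proxy.

# Build a throwaway root CA and a server certificate it signed, inside $1.
# The root stands in for an issuer the client does not know (for example an
# intercepting proxy's CA); the leaf is what the client would be shown.
make_demo_pki() {
    dir="$1"
    cat > "$dir/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = Demo Proxy Root CA
[v3_ca]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
EOF
    cat > "$dir/leaf.ext" <<'EOF'
basicConstraints = CA:FALSE
subjectAltName = DNS:updates.example.invalid
extendedKeyUsage = serverAuth
EOF
    # Self-signed root with CA:TRUE.
    openssl req -x509 -new -newkey rsa:2048 -nodes -days 2 \
        -config "$dir/ca.cnf" -extensions v3_ca \
        -keyout "$dir/ca.key" -out "$dir/ca.pem" >/dev/null 2>&1
    # Server key and CSR, then sign the CSR with the root.
    openssl req -new -newkey rsa:2048 -nodes \
        -config "$dir/ca.cnf" -subj "/CN=updates.example.invalid" \
        -keyout "$dir/leaf.key" -out "$dir/leaf.csr" >/dev/null 2>&1
    openssl x509 -req -days 2 -in "$dir/leaf.csr" \
        -CA "$dir/ca.pem" -CAkey "$dir/ca.key" -CAcreateserial \
        -extfile "$dir/leaf.ext" -out "$dir/leaf.pem" >/dev/null 2>&1
}

# Validate a server certificate ($1) the way a TLS client does: build a chain
# up to a root in the trust store ($2). An empty $2 means no CA file or CA
# directory is trusted at all, which is the "issuer unknown to the client"
# situation. Returns openssl's exit status: 0 = chain built, non-zero = rejected.
# (The demo root is never in any system store, so the outcome does not depend
# on whether a particular OpenSSL build still consults a default store.)
verify_leaf() {
    leaf="$1"
    cafile="$2"
    if [ -n "$cafile" ]; then
        openssl verify -no-CApath -CAfile "$cafile" "$leaf"
    else
        openssl verify -no-CAfile -no-CApath "$leaf"
    fi
}

# Stand-alone demo: the rejection first, then the fix.
WORK="$(mktemp -d)"
make_demo_pki "$WORK"

echo "--- no trust anchor for the issuer (the error class from the question):"
verify_leaf "$WORK/leaf.pem" "" || echo "rejected, openssl exit status $?"

echo "--- issuing root added to the trust store (the fix suggested above):"
verify_leaf "$WORK/leaf.pem" "$WORK/ca.pem"
```

To see what chain the FMC actually receives through the proxy, run the same kind of check against the real path from any host that can reach the proxy: `openssl s_client -proxy <proxy-host>:<port> -connect <update-host>:443 -showcerts -verify_return_error` (placeholders are yours to fill in; `-proxy` makes `s_client` send an HTTP CONNECT, which is what a plain forwarding proxy should tunnel untouched). If the issuer printed is the proxy's own CA, the proxy is intercepting TLS and its root has to be trusted on the FMC, or the FMC excluded from inspection. If the issuer is the origin's real CA and the proxy just tunnels, yet verification still fails, the proxy is not the problem and the fix belongs on the FMC side.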

MikroTik doesn't show any descriptive logs, it just shows the IPs. Is there any specific configuration that I must consider in MikroTik for this issue?

It's difficult to say. Could you confirm whether you can run a packet capture on both ends and capture the data?

Also, please confirm whether anything has changed in the path for the FMC. How was the FMC upgraded last time, when the same proxy was used?

Please do not forget to rate.

sina.naser
Level 1

Last week Cisco made version 7.2.4 the suggested release. I have updated to this version and the problem is solved!
