FMC - SNORT updates failing - Peer certificate cannot be authenticated

JLCrabtree
Level 1

We couldn't get SNORT updates; the error was "Peer certificate cannot be authenticated with known CA certificates".

I connected via ssh, opened an expert shell and started checking log files and I found a lot of this

curl: (60) SSL certificate problem: unable to get local issuer certificate

in

/var/log/schedule_tasks.log

This led me to add the Identrust root CA and HydrantID intermediate CA certificate PEM files to

/etc/sf/keys/fireamp/thawte_roots

then run

sudo c_rehash /etc/sf/keys/fireamp/thawte_roots

to process them in correctly. This resolved the curl error above allowing the FMC to download SNORT updates.

Edit: You need these specific certs

HydrantID Server CA O1
IdenTrust Commercial Root CA 1
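
A way to confirm that the `c_rehash` step took effect, and to print each certificate's SHA-256 fingerprint for comparison with the value the CA publishes before the file is trusted. This is an added example, not part of the original post and not Cisco tooling; the function names and the `*.pem` file extension are assumptions.

```shell
#!/bin/sh
# Added example: audit an OpenSSL hashed CA directory after c_rehash.
# Assumes the added certificates are stored as *.pem files in the directory.
# Usage from the expert shell, with the directory named in the post:
#   check_capath /etc/sf/keys/fireamp/thawte_roots

# Print subject and SHA-256 fingerprint of one PEM certificate so the value
# can be compared out-of-band with the one published by the issuing CA.
cert_summary() {
    openssl x509 -in "$1" -noout -subject -fingerprint -sha256
}

# Return 0 only if every *.pem in DIR has a <subject_hash>.N entry that
# resolves to a certificate with the same fingerprint. OpenSSL looks CA
# certificates up by that hashed name, so a PEM file without it is ignored.
check_capath() {
    dir=$1
    missing=0
    for pem in "$dir"/*.pem; do
        [ -f "$pem" ] || continue
        hash=$(openssl x509 -in "$pem" -noout -subject_hash) || return 2
        want=$(openssl x509 -in "$pem" -noout -fingerprint -sha256) || return 2
        found=no
        # Several certificates can share a hash; they get suffixes .0, .1, ...
        for link in "$dir/$hash".[0-9]*; do
            [ -e "$link" ] || continue
            got=$(openssl x509 -in "$link" -noout -fingerprint -sha256 2>/dev/null) || continue
            if [ "$got" = "$want" ]; then
                found=yes
            fi
        done
        if [ "$found" = no ]; then
            echo "no hash entry for $pem (expected $hash.N)" >&2
            missing=$((missing + 1))
        fi
    done
    [ "$missing" -eq 0 ]
}
```

A non-zero return from `check_capath` means at least one PEM file was copied in but never hashed, which produces the same `unable to get local issuer certificate` result as not adding it at all.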

1 Accepted Solution

JLCrabtree
Level 1

Initial post IS the solution

4 Replies

sina.naser
Level 1

How do I find these certificates?

sv7
Level 3

Is there impact or need any maintenance window to do these changes?

Barrett Cowan
Level 1

This may not be solved for some. Here's the bug https://quickview.cloudapps.cisco.com/quickview/bug/CSCvm03931. Even though your version may not be listed, the fix is updating to the latest recommended version.
