Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2407
Views
5
Helpful
3
Replies

FMC update error

Go to solution
michael18
Level 1
Level 1

‎04-26-2023 12:48 AM

Im trying to migrate from Virtual FMC to Physical. I need to update the VDB on the virtual to match the Physical but when running download updates in the system>updates tab I get error: peer certificate cannot be authenticated with known CA certificate 

the version is 7.0.1

theres was a bug for this that looks like it was fixed in previous version.  

The download updates were working previously.

the new physical is doing the same when trying to update the geo updates.

access through the firewall is working. DNS is working. 

what else can I look at.

 

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
manabans
Cisco Employee
Cisco Employee

‎04-26-2023 05:59 PM

The symptoms shared match the Field notice - https://www.cisco.com/c/en/us/support/docs/field-notices/725/fn72501.html 
Field Notice: FN - 72501 - Firepower Software: Automatic Software Downloads And Content Updates Might Fail After January 10, 2023 - Software Upgrade Recommended

Workaround:
1. Enter sudo su in order to elevate to root.
2. Enter mv /etc/sf/keys/fireamp/thawte_roots /etc/sf/keys/fireamp/thawte_roots_bk in order to back up the current CA root bundle used for downloads.
3. Enter ln -s /etc/ssl/certs/ /etc/sf/keys/fireamp/thawte_roots to cause the updated CA root bundle to be used for subsequent downloads.

View solution in original post

3 Replies 3

Go to solution
manabans
Cisco Employee
Cisco Employee

‎04-26-2023 05:59 PM

The symptoms shared match the Field notice - https://www.cisco.com/c/en/us/support/docs/field-notices/725/fn72501.html 
Field Notice: FN - 72501 - Firepower Software: Automatic Software Downloads And Content Updates Might Fail After January 10, 2023 - Software Upgrade Recommended

Workaround:
1. Enter sudo su in order to elevate to root.
2. Enter mv /etc/sf/keys/fireamp/thawte_roots /etc/sf/keys/fireamp/thawte_roots_bk in order to back up the current CA root bundle used for downloads.
3. Enter ln -s /etc/ssl/certs/ /etc/sf/keys/fireamp/thawte_roots to cause the updated CA root bundle to be used for subsequent downloads.

Go to solution
michael18
Level 1
Level 1
In response to manabans

‎04-27-2023 12:48 AM

Thanks manabans

Ive searched everywhere for an answer but didnt find it. Thanks for sharing the answer.

0 Helpful

Go to solution
Khitijkhanna66240
Level 1
Level 1
In response to manabans

‎01-10-2024 12:23 PM

Got a New 4600 and got the same error ! thanks for the solution! it works 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card