All of our Firepower Management Centers stopped downloading updates. VDB updates etc. are also not working. Internet connectivity is fine.
Error message trying to download updates: Download updates failed: Error parsing the update file. The file may have been corrupted or the download was incomplete.
Error message trying to download rule updates: Error parsing the update file. The file may have been corrupted or the download was incomplete.
Error message trying to download Geolocation Updates: Failed to fetch the latest Geolocation Update from the Support Site.
When you go to Summary Dashboard, Status, the Product Updates part stays empty.
We see it at several locations, so different internet connections. Checking internet connectivity from CLI is all fine.
Others having same issue?
Exactly the same issue
Running this as per the troubleshooting here.
"admin@Firepower:~# sudo openssl s_client -connect support.sourcefire.com:443"
Returns "Verify return code: 20 (unable to get local issuer certificate). This is true for any https based site - lack of trusted root CA. Not sure why it's vanished/died, but nice to see it's not just me.
Manual updates work (download yourself then upload to FMC), so that's a temporary workaround.
We are having this problem as well, on FMC version 126.96.36.199. Running the command "sudo openssl s_client -connect support.sourcefire.com:443" as [@planning-inc] recommended gives the same output ("Verify return code: 20 (unable to get local issuer certificate)"). This started occurring just within the past few days.
Manual rule and Geolocation DB updates seem to work just fine.
Thank you all for your answers. I see this issue in 6.0, 6.1 and 6.2 ... so it looks like every version is having problems. I suppose Cisco is aware if this issue and they will solve it soon.
Odd - it might be something in the trusted root store that FMC uses.
I checked support.sourcefire.com and it resolves to 4 AWS EC2 instances all with the same valid certificate.
Server Key and Certificate #1
Fingerprint SHA256: bb4e6b00955dbee84016d7dedc65838a780e1f30354e0d756a18c3b4decef949
Pin SHA256: AHQlXzgIi3xXeDiSoLHFot4xto7QtktZE30000DTFwI=
|Valid from||Tue, 25 Aug 2015 00:00:00 UTC|
|Valid until||Thu, 24 Aug 2017 23:59:59 UTC (expires in 2 months and 11 days)|
I am running 188.8.131.52 and just had this same issue - now the Products Update status will not populate - never-ending spinning status wheel.
Was there a fix that I did not see - otherwise I guess I will open a TAC case.
Is there any workaround for this issue?, I´m still facing at 6.2.3 version.
admin@firepower:~$ sudo openssl s_client -connect support.sourcefire.com:443
Verify return code: 20 (unable to get local issuer certificate)
Same problem here running 184.108.40.206. Been having this issue since yesterday and I thought it was just me and have been trying to troubleshoot. I am glad it is not just me that is affected.