https://community.checkpoint.com/t5/General-Topics/Gateways-fail-to-download-IoC-feed-peer-certificate-cannot-be/m-p/215561#M35625 <P>I am running R81.10 with GA Jumbo take 139 installed.</P> <P>I have a custom IoC feed set to use the Talos blacklist and noticed in my logs the list is failing to update -</P> <P>"External IOC - External Indicators processing failed<BR />Talos_blacklist: Failed to fetch feed. Resource: <A href="https://www.talosintelligence.com/documents/ip-blacklist" target="_blank">https://www.talosintelligence.com/documents/ip-blacklist</A>, Reason: Peer certificate cannot be authenticated with given CA certificates"</P> <P>I have followed&nbsp;<SPAN class="css-13y3t3g"><SPAN class="css-vy7rm">sk169919 and added the websites certificate as well as it's root certificate in the "Trusted CAs" portion of SmartDashboard's HTTPS Inspection, saved my changes, installed access control policy, and the IoC feed still fails to update for the same reason.</SPAN></SPAN></P> <P><SPAN class="css-13y3t3g"><SPAN class="css-vy7rm">I am adding the certificates by going to Actions &gt; "Import outbound Certificate".</SPAN></SPAN></P> <P><SPAN class="css-13y3t3g"><SPAN class="css-vy7rm">I don't know what I am missing to make this work?</SPAN></SPAN></P> <DIV class="css-96coje"><HR /></DIV> <DIV class="css-1giyqeu">&nbsp;</DIV> Wed, 29 May 2024 19:01:28 GMT Mike_Jensen 2024-05-29T19:01:28Z https://community.checkpoint.com/t5/General-Topics/Gateways-fail-to-download-IoC-feed-peer-certificate-cannot-be/m-p/215561#M35625 <P>I am running R81.10 with GA Jumbo take 139 installed.</P> <P>I have a custom IoC feed set to use the Talos blacklist and noticed in my logs the list is failing to update -</P> <P>"External IOC - External Indicators processing failed<BR />Talos_blacklist: Failed to fetch feed. Resource: <A href="https://www.talosintelligence.com/documents/ip-blacklist" target="_blank">https://www.talosintelligence.com/documents/ip-blacklist</A>, Reason: Peer certificate cannot be authenticated with given CA certificates"</P> <P>I have followed&nbsp;<SPAN class="css-13y3t3g"><SPAN class="css-vy7rm">sk169919 and added the websites certificate as well as it's root certificate in the "Trusted CAs" portion of SmartDashboard's HTTPS Inspection, saved my changes, installed access control policy, and the IoC feed still fails to update for the same reason.</SPAN></SPAN></P> <P><SPAN class="css-13y3t3g"><SPAN class="css-vy7rm">I am adding the certificates by going to Actions &gt; "Import outbound Certificate".</SPAN></SPAN></P> <P><SPAN class="css-13y3t3g"><SPAN class="css-vy7rm">I don't know what I am missing to make this work?</SPAN></SPAN></P> <DIV class="css-96coje"><HR /></DIV> <DIV class="css-1giyqeu">&nbsp;</DIV> Wed, 29 May 2024 19:01:28 GMT https://community.checkpoint.com/t5/General-Topics/Gateways-fail-to-download-IoC-feed-peer-certificate-cannot-be/m-p/215561#M35625 Mike_Jensen 2024-05-29T19:01:28Z https://community.checkpoint.com/t5/General-Topics/Gateways-fail-to-download-IoC-feed-peer-certificate-cannot-be/m-p/215562#M35626 <P>Did you choose the right format?</P> <P>Andy</P> Wed, 29 May 2024 19:07:03 GMT https://community.checkpoint.com/t5/General-Topics/Gateways-fail-to-download-IoC-feed-peer-certificate-cannot-be/m-p/215562#M35626 the_rock 2024-05-29T19:07:03Z https://community.checkpoint.com/t5/General-Topics/Gateways-fail-to-download-IoC-feed-peer-certificate-cannot-be/m-p/215575#M35632 <P>Do you include all the intermediate CAs that are needed to validate the cert?<BR />You might also try the workaround in:&nbsp; <A href="https://support.checkpoint.com/results/sk/sk169919" target="_blank">https://support.checkpoint.com/results/sk/sk169919</A>&nbsp;</P> Wed, 29 May 2024 20:06:59 GMT https://community.checkpoint.com/t5/General-Topics/Gateways-fail-to-download-IoC-feed-peer-certificate-cannot-be/m-p/215575#M35632 PhoneBoy 2024-05-29T20:06:59Z https://community.checkpoint.com/t5/General-Topics/Gateways-fail-to-download-IoC-feed-peer-certificate-cannot-be/m-p/215578#M35635 <P>I ended up manually updating the trusted CA's list by downloading the .zip from the link in&nbsp;<SPAN>sk64521, then I followed the rest of that sk to install on my SMS, installed access control policy, and the IoC feed update is now successful.&nbsp;</SPAN></P> Wed, 29 May 2024 20:14:42 GMT https://community.checkpoint.com/t5/General-Topics/Gateways-fail-to-download-IoC-feed-peer-certificate-cannot-be/m-p/215578#M35635 Mike_Jensen 2024-05-29T20:14:42Z https://community.checkpoint.com/t5/General-Topics/Gateways-fail-to-download-IoC-feed-peer-certificate-cannot-be/m-p/215579#M35636 <P>I must have been missing the intermediate CA's.&nbsp; Fortunately the latest Check Point updated CA&nbsp; list has all of the certs I needed.</P> Wed, 29 May 2024 20:16:25 GMT https://community.checkpoint.com/t5/General-Topics/Gateways-fail-to-download-IoC-feed-peer-certificate-cannot-be/m-p/215579#M35636 Mike_Jensen 2024-05-29T20:16:25Z