Mike_Jensen
Advisor

Gateways fail to download IoC feed - peer certificate cannot be authenticated with given CA certific

I am running R81.10 with GA Jumbo take 139 installed.

I have a custom IoC feed set to use the Talos blacklist and noticed in my logs the list is failing to update -

"External IOC - External Indicators processing failed
Talos_blacklist: Failed to fetch feed. Resource: https://www.talosintelligence.com/documents/ip-blacklist, Reason: Peer certificate cannot be authenticated with given CA certificates"

I have followed sk169919 and added the website's certificate as well as its root certificate in the "Trusted CAs" portion of SmartDashboard's HTTPS Inspection, saved my changes, installed access control policy, and the IoC feed still fails to update for the same reason.

I am adding the certificates by going to Actions > "Import outbound Certificate".

I don't know what I am missing to make this work?


 
0 Kudos
4 Replies
the_rock
Legend

Did you choose the right format?

Andy

0 Kudos
PhoneBoy
Admin

Do you include all the intermediate CAs that are needed to validate the cert?
You might also try the workaround in: https://support.checkpoint.com/results/sk/sk169919

0 Kudos
Mike_Jensen
Advisor

I must have been missing the intermediate CAs. Fortunately the latest Check Point updated CA list has all of the certs I needed.

0 Kudos
Mike_Jensen
Advisor

I ended up manually updating the trusted CAs list by downloading the .zip from the link in sk64521, then I followed the rest of that sk to install on my SMS, installed access control policy, and the IoC feed update is now successful.

0 Kudos
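
Added example (not part of the original thread and not Check Point tooling): the failure resolved above, a server certificate whose intermediate CA is absent from the trusted list, reproduced offline with the stock `openssl` CLI. All names, keys and certificates are constructed, and `build_demo_pki` and `chain_status` are hypothetical helpers.

```shell
#!/bin/sh
# Constructed offline demo: every name, key and certificate below is made up.

# Build a throwaway root -> intermediate -> leaf chain in directory $1.
build_demo_pki() {
    d=$1; cfg=$d/pki.cnf
    printf '%s\n' '[req]' 'distinguished_name=dn' 'x509_extensions=v3_ca' \
        '[dn]' '[v3_ca]' 'basicConstraints=critical,CA:TRUE' > "$cfg"
    # Self-signed root CA.
    openssl req -x509 -config "$cfg" -newkey rsa:2048 -nodes -days 2 \
        -subj "/CN=Demo Root CA" -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null
    # Intermediate CA, signed by the root.
    openssl req -config "$cfg" -newkey rsa:2048 -nodes \
        -subj "/CN=Demo Intermediate CA" -keyout "$d/int.key" -out "$d/int.csr" 2>/dev/null
    openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
        -CAcreateserial -days 2 -extfile "$cfg" -extensions v3_ca -out "$d/int.pem" 2>/dev/null
    # Server (leaf) certificate, signed by the intermediate.
    openssl req -config "$cfg" -newkey rsa:2048 -nodes \
        -subj "/CN=feed.example.test" -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/int.pem" -CAkey "$d/int.key" \
        -CAcreateserial -days 2 -out "$d/leaf.pem" 2>/dev/null
}

# Print "ok" when leaf $1 chains to a CA in bundle $2; otherwise print the
# leaf's issuer, which is the first CA certificate to look for in the bundle.
chain_status() {
    if openssl verify -CAfile "$2" "$1" >/dev/null 2>&1; then
        echo ok
    else
        echo "FAILED, leaf issued by: $(openssl x509 -in "$1" -noout -issuer)"
    fi
}

work=$(mktemp -d)
build_demo_pki "$work"
# Trust list holds only the root: the intermediate is missing, so this fails.
chain_status "$work/leaf.pem" "$work/root.pem"
# Trust list holds root and intermediate: the chain now validates.
cat "$work/root.pem" "$work/int.pem" > "$work/bundle.pem"
chain_status "$work/leaf.pem" "$work/bundle.pem"
rm -rf "$work"
```
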
