To stay updated on your favorite discussions, please create an account or log in. Then, click the Bookmark icon to subscribe and receive notifications.

Can't download update definitions with https

Options
Vianney
Vianney W/ Member Posts: 3 Security Scout

Hey,
We use WS Business Suite (Security Prenium) and until my certificate expires, definition updates was working fine.

I had updated fspms.jks with new one, can connect to my server with https protocol with firefox, and certificate chain is good. But updates doesnt work.

I have temporaly switch in HTTP in order to make the updates, but I want to get back to https

Thank you for help

Best Answer

  • JamesC
    JamesC W/ Partner, W/ Staff, W/ Moderator Posts: 521 Moderator
    Solved
    Options

    Hi @Vianney ,

    It might be that root and intermediate certs were not included in the pkcs12 file as article recommends. 

    Another option is to import CA cert to the PM DB as recommended in the article.

    As you are using PM Proxy, can you run "fspmp-enroll-tls-certificate.bat" script located in the Policy Manager Proxy Server installation folder ?

Answers

  • JamesC
    JamesC W/ Partner, W/ Staff, W/ Moderator Posts: 521 Moderator
    Options

    Hi @Vianney ,

    Thank you for reaching out to WithSecure Community.

    Can you please confirm the below :

    1. What steps did you use you replace/update fspms.jks file ? Did you use the steps documented in our article here ? https://community.withsecure.com/en/kb/articles/29369-how-to-replace-the-default-self-signed-policy-manager-certificate-with-a-trusted-certificate-authority-ca-created-certificate
    2. Also, may I know if you have Policy Manager Proxy in your environment, or just Clients and Policy Manager Server ?

  • Vianney
    Vianney W/ Member Posts: 3 Security Scout
    Options

    hi James,
    Thanks for replying. I actually used this link, if I look at the contents of my fspms.jks file i got my cert and the certification chain.
    On the other hand, I actually forgot to say that I have a Policy Manager Proxy. I tried to uncheck the box of the proxy line in "Endpoint Detection & reponse" without result unless if i uncheck "use https protocol".

  • Vianney
    Vianney W/ Member Posts: 3 Security Scout
    Options

    Thanks a lot!!
    I missed the "fspmp-enroll-tls-certificate.bat" part.
    It works

    Great job James