Can't download update definitions with https

Vianney · 2024-05-16T09:20:58+00:00

There was an error rendering this rich post.

Hey,
We use WS Business Suite (Security Prenium) and until my certificate expires, definition updates was working fine.

I had updated fspms.jks with new one, can connect to my server with https protocol with firefox, and certificate chain is good. But updates doesnt work.

I have temporaly switch in HTTP in order to make the updates, but I want to get back to https

Thank you for help

Find more posts tagged with

Accepted answers

JamesC

Hi @Vianney ,

It might be that root and intermediate certs were not included in the pkcs12 file as article recommends.

Another option is to import CA cert to the PM DB as recommended in the article.

As you are using PM Proxy, can you run "fspmp-enroll-tls-certificate.bat" script located in the Policy Manager Proxy Server installation folder ?

All comments

Vianney

Thanks a lot!!
I missed the "fspmp-enroll-tls-certificate.bat" part.
It works

Great job James

JamesC

Hi @Vianney ,

It might be that root and intermediate certs were not included in the pkcs12 file as article recommends.

Another option is to import CA cert to the PM DB as recommended in the article.

As you are using PM Proxy, can you run "fspmp-enroll-tls-certificate.bat" script located in the Policy Manager Proxy Server installation folder ?

Vianney

hi James,
Thanks for replying. I actually used this link, if I look at the contents of my fspms.jks file i got my cert and the certification chain.
On the other hand, I actually forgot to say that I have a Policy Manager Proxy. I tried to uncheck the box of the proxy line in "Endpoint Detection & reponse" without result unless if i uncheck "use https protocol".

JamesC

Hi @Vianney ,

Thank you for reaching out to WithSecure Community.

Can you please confirm the below :

What steps did you use you replace/update fspms.jks file ? Did you use the steps documented in our article here ? https://community.withsecure.com/en/kb/articles/29369-how-to-replace-the-default-self-signed-policy-manager-certificate-with-a-trusted-certificate-authority-ca-created-certificate
Also, may I know if you have Policy Manager Proxy in your environment, or just Clients and Policy Manager Server ?