Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Control » Can't update IPS rules
  •  
digitaldomus

Messages: 6
Karma: 1
Send a private message to this user
[28/Dec/2012 10:11:28] IPS rules update: Download error: Problem with the SSL CA cert (path? access rights?).

What's going wrong ?
  •  
mlee (Kerio)

Messages: 246
Karma: 16
Send a private message to this user
Since it's a SSL cert error, have you tried verifying the SSL cert?

Here's an URL to the administrator guide:
http://manuals.kerio.com/control/adminguide/en/sect-wwwintpa rams.html

M.

PTSD. BP. OCD. ASPD. BPD. Certified.
  •  
digitaldomus

Messages: 6
Karma: 1
Send a private message to this user
I've recreated our self-signed certificate following the instructions in that page, the operation completes successufly, but I still get that error trying to update IPS rules.
BTW I don't understand why the IPS updater would have to use the certificate used by the admin interface.
If I have to import YOUR certificate, where I can find it and where I have to put it ?
  •  
abroehl

Messages: 5
Karma: 4
Send a private message to this user
i am now getting this too, unable to update my IPS def. in the logs i find this:

[05/Feb/2014 14:18:25] IPS: Port Scan, protocol: TCP, source: XX.0.0.1, destination: XX.0.0.15, ports: 52029, 52030, 52038, 52039, 52040, 52041, 52042, 52043, 52045, 52046, ...
[05/Feb/2014 14:18:38] IPS: Packet drop, severity: Blacklist, Rule ID: 1:2402000 ET DROP Dshield Block Listed Source group 1, proto:TCP, ip/port:192.168.2.102:52831 -> 108.178.41.82:80

i have not changed my configuration in 6 months. i am currently running 8.2.2 patch 1 build 1684

any help would be great on this
  •  
markt

Messages: 56
Karma: 4
Send a private message to this user
+1 from me:
Error log: [06/Feb/2014 10:48:29] IPS rules update: Download error: Couldn't connect to server.
with corresponding security log:
[06/Feb/2014 10:48:08] IPS: Packet drop, severity: Blacklist, Rule ID: 1:2402000 ET DROP Dshield Block Listed Source group 1, proto:TCP, ip/port:<my ip>:2381 -> 108.178.41.83:80

First seen 10:47 on 5th feb, UK time.
  •  
transunion

Messages: 2
Karma: 0
Send a private message to this user
markt the same happends to me.
  •  
markt

Messages: 56
Karma: 4
Send a private message to this user
I have isolated kerio from the LAN, deactivated IPS and forced the update to connect. This has brought down a corrected set of rules.
  •  
Kerio_ppolak

Messages: 19
Karma: 2
Send a private message to this user
Hello all,

we're working on a fix for this issue. The main issue of the problem is that the address range of our IPS update servers got blacklisted and IPS will not allow Control to download the new update, where we fixed this.

According to the latest update, Control should be able to download the fixed definition file now (or in few minutes from now).

We are very sorry for the inconvenience.

Pavel Polak
Technical Operations Director | Kerio
Stay Connected Anytime, Anywhere. Discover Kerio Cloud!
  •  
Columbia

Messages: 24
Karma: 1
Send a private message to this user
I have the same problem over 3 weeks. In journal of errors every update of IPS rules shows: IPS rules update: Download error: Peer certificate cannot be authenticated with given CA certificates. How to resolve this problem?
Manual update and configuration of IPS - no success.
Previous Topic: IPS self blocking upates
Next Topic: DHCP Server
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Thu Jul 20 16:47:45 CEST 2017

Total time taken to generate the page: 0.00448 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.