BugZero | Cisco BugID CSCwa87714 - 6.7.0.3:Peer certificate cannot be authenticated w...

Cisco - Defect ID: CSCwa87714

6.7.0.3:Peer certificate cannot be authenticated with known CA certificates upon doing SRU update

Cisco - Defect ID: CSCwa87714

6.7.0.3:Peer certificate cannot be authenticated with known CA certificates upon doing SRU update

Last updated on 5/10/2023

Overall: 6.16.1

Severity: 6.46.4

Lifecycle: 9.19.1

Popularity: 4.64.6

What is the BugZero Risk Score?

Vendor details

No defect details.

Overall: 6.16.1

Severity: 6.46.4

Lifecycle: 9.19.1

Popularity: 4.64.6

What is the BugZero Risk Score?

Vendor details

No defect details.

Symptom

Peer certificate cannot be authenticated with known CA certificates 2022-02-05 04:47:32 ngfw-job-scheduler-worker-1: INFO AuditEntityRepositoryImpl:84 - Creating AuditEvent: sruupdateimmediate : bb3b1bde-863e-11ec-9620-6feed7ba5c0f : Rule Update 2022-02-05 04:47:32 ngfw-job-scheduler-worker-1: INFO AuditEntityRepositoryImpl:94 - No entity changes to create 2022-02-05 04:47:32 ngfw-job-scheduler-worker-1: INFO SRUUpdateImmediateJob:52 - Updating Rule Update triggered by UI. Deploy after update is set to true 2022-02-05 04:47:32 ngfw-job-scheduler-worker-1: INFO SRUUpdateServices:149 - Start Rule Update package download. 2022-02-05 04:47:32 ngfw-job-scheduler-worker-1: INFO SRUUpdateServices:445 - Downloading file from https://support.sourcefire.com/auto-update/auto-dl.cgi//GetCurrent/sf.xml to /ngfw/var/sf/SRU/sf.xml 2022-02-05 04:47:33 ngfw-job-scheduler-worker-1: ERROR SRUUpdateServices:480 - Failed to download file: sf.xml 2022-02-05 04:47:33 ngfw-job-scheduler-worker-1: ERROR SRUUpdateServices:165 - Failed to download sf.xml file. Curl return code: 7 2022-02-05 04:47:33 ngfw-job-scheduler-worker-1: INFO SRUUpdateHandlerImpl:60 - Return code from downloadService: 7 2022-02-05 04:47:33 ngfw-job-scheduler-worker-1: ERROR SRUUpdateHandlerImpl:68 - Failed to download Rule Updatejava.lang.Exception 2022-02-05 04:47:33 ngfw-job-scheduler-worker-1: INFO NgfwJob:201 - SRUUpdateImmediateJob Job status update: Peer certificate cannot be authenticated with known CA certificates - IN_PROGRESS 2022-02-05 04:47:33 ngfw-job-scheduler-worker-1: INFO AuditEntityRepositoryImpl:84 - Creating AuditEvent: sruupdateimmediate : bbb1d27f-863e-11ec-9620-578c7ddf1318 : Rule Update 2022-02-05 04:47:33 ngfw-job-scheduler-worker-1: INFO AuditEntityRepositoryImpl:94 - No entity changes to create 2022-02-05 04:47:33 ngfw-job-scheduler-worker-1: INFO NgfwJobListener:153 - SRUUpdateImmediate job execution has completed and will not run again. Deleting entity.

Conditions

when I try to update the SRU in latest build, I am getting the error while downloading the package in 5516 FDM mode

Workaround

We need to manually upload the latest SRU package available in cisco page and install the package in device

Further Problem Description

Original Vendor Announcement

9.65Defect ID: CSCwd45843
Auth Step latency for policy evaluation due to Garbage Collection activity.
9.65Defect ID: CSCwa92734
CUBE DTMF interworking fails from rtp-nte to OOB SIP methods
9.65Defect ID: CSCwj45822
Cisco ASA and FTD Software Remote Access VPN Brute Force Denial of Service Vulnerability
9.65Defect ID: CSCvo03458
PKI "revocation check crl none" does not fallback if CRL not reachable
9.65Defect ID: CSCvq05584
Cisco IOS and IOS XE Software Tcl Arbitrary Code Execution Vulnerability

Ready to prevent the next vendor outage?

Get a demo

OPERATIONAL DEFECT DATABASE

Cisco - Defect ID: CSCwa87714

6.7.0.3:Peer certificate cannot be authenticated with known CA certificates upon doing SRU update

Cisco - Defect ID: CSCwa87714

6.7.0.3:Peer certificate cannot be authenticated with known CA certificates upon doing SRU update

Last updated on 5/10/2023

Vendor details

Vendor details

Description

Symptom

Conditions

Workaround

Further Problem Description

Links

Top Cisco defects by risk score

Ready to prevent the next vendor outage?