• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Snort ruleset update errors, SSL certificate problem

Scheduled Pinned Locked Moved IDS/IPS
3 Posts 3 Posters 1.1k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • J
    JohnPFsense
    last edited by Dec 23, 2015, 8:03 PM

    I'm not really sure if this is just a problem for me. I searched the forum but haven't found any posts. 
    This has been going on for at least two months but now I tried to fix this by doing a reinstall without saving setings. This procedure removed all the old (but outdated) rules.
    Emerging threats still work,community rules, VRT- and Snort OpenAppID Detector rules don't work.

    I'm hoping someone has a solution.

    from the RULE SET UPDATE LOG

    Downloading Snort VRT rules md5 file snortrules-snapshot-2976.tar.gz.md5…
    Checking Snort VRT rules md5 file...
    There is a new set of Snort VRT rules posted.
    Downloading file 'snortrules-snapshot-2976.tar.gz'...
    Snort VRT rules file download failed.  Server returned error 0.
    The error text was: SSL certificate problem: self signed certificate
    Snort VRT rules will not be updated.

    1 Reply Last reply Reply Quote 0
    • B
      BBcan177 Moderator
      last edited by Dec 23, 2015, 8:06 PM

      The error text was: SSL certificate problem: self signed certificate

      This is the issue… The Snort VRT URL shouldn't be using a self-signed cert? The Snort/Suricata package use more stringent cURL SSL settings.

      "Experience is something you don't get until just after you need it."

      Website: http://pfBlockerNG.com
      Twitter: @BBcan177  #pfBlockerNG
      Reddit: https://www.reddit.com/r/pfBlockerNG/new/

      1 Reply Last reply Reply Quote 0
      • B
        bmeeks
        last edited by Dec 24, 2015, 12:01 AM Dec 23, 2015, 11:55 PM

        No problem here in the USA with Snort VRT updates.  Here is the log output from just after midnight Eastern Standard Time today –

        
Starting rules update...  Time: 2015-12-23 01:30:01
	Downloading Snort VRT rules md5 file snortrules-snapshot-2976.tar.gz.md5...
	Checking Snort VRT rules md5 file...
	There is a new set of Snort VRT rules posted.
	Downloading file 'snortrules-snapshot-2976.tar.gz'...
	Done downloading rules file.
	Downloading Emerging Threats Open rules md5 file emerging.rules.tar.gz.md5...
	Checking Emerging Threats Open rules md5 file...
	There is a new set of Emerging Threats Open rules posted.
	Downloading file 'emerging.rules.tar.gz'...
	Done downloading rules file.
	Extracting and installing Snort VRT rules...
	Using Snort VRT precompiled SO rules for FreeBSD-10-0 ...
	Installation of Snort VRT rules completed.
	Extracting and installing Emerging Threats Open rules...
	Installation of Emerging Threats Open rules completed.
	Copying new config and map files...
	Updating rules configuration for: WAN ...
	Updating rules configuration for: DMZ ...
	Updating rules configuration for: LAN ...
	Restarting Snort to activate the new set of rules...
	Snort has restarted with your new set of rules.
The Rules update has finished.  Time: 2015-12-23 01:30:54

        Could be (or could have been) a temporary condition.

        Bill

        1 Reply Last reply Reply Quote 0
        3 out of 3
        • First post
          3/3
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
          This community forum collects and processes your personal information.
          consent.not_received