Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Snort ruleset update errors, SSL certificate problem

    IDS/IPS
    3
    3
    993
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J
      JohnPFsense
      last edited by

      I'm not really sure if this is just a problem for me. I searched the forum but haven't found any posts. 
      This has been going on for at least two months but now I tried to fix this by doing a reinstall without saving setings. This procedure removed all the old (but outdated) rules.
      Emerging threats still work,community rules, VRT- and Snort OpenAppID Detector rules don't work.

      I'm hoping someone has a solution.

      from the RULE SET UPDATE LOG

      Downloading Snort VRT rules md5 file snortrules-snapshot-2976.tar.gz.md5…
      Checking Snort VRT rules md5 file...
      There is a new set of Snort VRT rules posted.
      Downloading file 'snortrules-snapshot-2976.tar.gz'...
      Snort VRT rules file download failed.  Server returned error 0.
      The error text was: SSL certificate problem: self signed certificate
      Snort VRT rules will not be updated.

      1 Reply Last reply Reply Quote 0
      • BBcan177B
        BBcan177 Moderator
        last edited by

        The error text was: SSL certificate problem: self signed certificate

        This is the issue… The Snort VRT URL shouldn't be using a self-signed cert? The Snort/Suricata package use more stringent cURL SSL settings.

        "Experience is something you don't get until just after you need it."

        Website: http://pfBlockerNG.com
        Twitter: @BBcan177  #pfBlockerNG
        Reddit: https://www.reddit.com/r/pfBlockerNG/new/

        1 Reply Last reply Reply Quote 0
        • bmeeksB
          bmeeks
          last edited by

          No problem here in the USA with Snort VRT updates.  Here is the log output from just after midnight Eastern Standard Time today –

          
Starting rules update...  Time: 2015-12-23 01:30:01
	Downloading Snort VRT rules md5 file snortrules-snapshot-2976.tar.gz.md5...
	Checking Snort VRT rules md5 file...
	There is a new set of Snort VRT rules posted.
	Downloading file 'snortrules-snapshot-2976.tar.gz'...
	Done downloading rules file.
	Downloading Emerging Threats Open rules md5 file emerging.rules.tar.gz.md5...
	Checking Emerging Threats Open rules md5 file...
	There is a new set of Emerging Threats Open rules posted.
	Downloading file 'emerging.rules.tar.gz'...
	Done downloading rules file.
	Extracting and installing Snort VRT rules...
	Using Snort VRT precompiled SO rules for FreeBSD-10-0 ...
	Installation of Snort VRT rules completed.
	Extracting and installing Emerging Threats Open rules...
	Installation of Emerging Threats Open rules completed.
	Copying new config and map files...
	Updating rules configuration for: WAN ...
	Updating rules configuration for: DMZ ...
	Updating rules configuration for: LAN ...
	Restarting Snort to activate the new set of rules...
	Snort has restarted with your new set of rules.
The Rules update has finished.  Time: 2015-12-23 01:30:54

          Could be (or could have been) a temporary condition.

          Bill

          1 Reply Last reply Reply Quote 0
          • First post
            Last post