Failing BCIS database download
Article ID: 191356
Updated On:
Products
ProxySG Software - SGOS
Issue/Introduction
Failed to connect to subscription.es.bluecoat.com; Server certificate expired or not valid yet
Cause
The system time is incorrect
Resolution
In Maintenance>Service Information>Packet Captures, confirm all interfaces in both directions is chosen.
Run a packet capture with the following filter:
host subscription.es.bluecoat.com
Start the packet capture
In Configuration>Content Filtering>Blue Coat, confirm BCIS is enabled in the menu. If it is not and this is the service you intend to use, change this and apply.
Start download
Refresh status. Confirm the last time stamp changed and failed with the same error.
Download and open the packet capture
Look for the Certificate packet and confirm the validity date:
All certificate validity dates are confirmed as valid as viewed by the certificate chain in the pcap.
Check system time:
For the Management Console go to Configuration>Clock
Update if needed
In the CLI:
Run a packet capture with the following filter:
host subscription.es.bluecoat.com
Start the packet capture
In Configuration>Content Filtering>Blue Coat, confirm BCIS is enabled in the menu. If it is not and this is the service you intend to use, change this and apply.
Start download
Refresh status. Confirm the last time stamp changed and failed with the same error.
Download and open the packet capture
Look for the Certificate packet and confirm the validity date:
All certificate validity dates are confirmed as valid as viewed by the certificate chain in the pcap.
Check system time:
For the Management Console go to Configuration>Clock
Update if needed
In the CLI:
proxy>enable
proxy#show clock
proxy#config t
proxy#clock hour 0-23
proxy#clock minute 0-59
proxy#clock second 0-59
proxy#clock year 4 digit year
proxy#clock month 1-12
proxy#clock day 1-31
proxy>enable
proxy#configure terminal
load trust-package
Feedback
Yes
No
Powered by
