Host Categorization Download fails with "Error: Failed Get Request".

book

Article ID: 193862

calendar_today

Updated On:

Products

SSL Visibility Appliance Software

Issue/Introduction

Customer has reported that an attempt to download the Host Categorization Database has failed.  When they view the Host Categorization Status page they see the Database Status is "Error: Failed Get Request".

Cause

After normal troubleshooting of username and password verification, network connectivity, etc. there are a couple other things that should be viewed.  Go the the PKI page and click on the imported-management-certificate-authorities, see if there any certificates that show up in the Management Certificate Authorities, if there are, take note of them.  Next, look in the browser-trusted list within the list of Management Certificate Authorities List, are any of the imported-management-certificate-authorities that you viewed previously in the browser-trusted list?  The browser-trusted list is used for SSL context.  Unless it is required for the customer configuration, remove the certificates.  After removal, try downloading the database again.  It will likely be successful.

This issue has been seen previously.  Most likely one of the certificates that was brought into browser-trusted was created by a Windows server and has an extra carriage return.  This can be corrected on the certificate by utilizing dos2unix command.  This issue is considered a bug, SVF-8144.  This has been fixed and will be included in SSLv 4.5.5.1.  It derives from a corruption of concatenated PEM files as a result of Windows EOL sequence in source PEM data.

Environment

Release :4.4.x

Component :

Resolution

Remove certificates from the browser-trusted list or process certificates in the browser-trusted list with dos2unix.