The error is shown in the NSX UI under Security > IDS/IPS Malware Prevention > Signature Management > Bundle Version.
NSX versions 4.x
This is caused by NSX Manager not being able to import the CA certificate required for TLS inspection.
In /var/log/proton/nsxapi.log you will see errors related to IDS:
2025-01-01T00:00:00.000Z ERROR IDS_AUTO_DOWNLOAD_TASK-0 IdsSignatureUtils 76868 POLICY [nsx@6876 comp="nsx-manager" errorCode="PM523931" level="ERROR" subcomp="manager"] IDS - Got Error while downloading Signature Bundle from NSX Intel Cloud
org.springframework.web.client.ResourceAccessException: I/O error on POST request for "https://api.prod.nsxti.vmware.com/2.0/auth/register": PKIX path building failed: java.security.cert.CertPathBuilderException: Unable to find certificate chain.; nested exception is javax.net.ssl.SSLHandshakeException: PKIX path building failed: java.security.cert.CertPathBuilderException: Unable to find certificate chain.
With cause:
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: java.security.cert.CertPathBuilderException: Unable to find certificate chain.
Caused by: java.security.cert.CertPathBuilderException: Unable to find certificate chain.
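To confirm this cause from the log, the following added example (not part of the original article or of NSX) groups nsxapi.log records with their stack traces and reports IDS download errors that failed on certificate path building, along with the host whose chain could not be validated. The function names and the second and third sample records are constructed for illustration.

```python
import re

# Constructed sample: record 1 is the excerpt from this article (re-joined);
# records 2 and 3 are made up to show what the filter ignores.
SAMPLE_LOG = '''\
2025-01-01T00:00:00.000Z ERROR IDS_AUTO_DOWNLOAD_TASK-0 IdsSignatureUtils 76868 POLICY [nsx@6876 comp="nsx-manager" errorCode="PM523931" level="ERROR" subcomp="manager"] IDS - Got Error while downloading Signature Bundle from NSX Intel Cloud
org.springframework.web.client.ResourceAccessException: I/O error on POST request for "https://api.prod.nsxti.vmware.com/2.0/auth/register": PKIX path building failed: java.security.cert.CertPathBuilderException: Unable to find certificate chain.
Caused by: java.security.cert.CertPathBuilderException: Unable to find certificate chain.
2025-01-01T00:05:00.000Z INFO example-thread-1 ExampleClass 76868 POLICY [nsx@6876 comp="nsx-manager" level="INFO" subcomp="manager"] constructed unrelated record
2025-01-01T01:00:00.000Z ERROR IDS_AUTO_DOWNLOAD_TASK-0 IdsSignatureUtils 76868 POLICY [nsx@6876 comp="nsx-manager" errorCode="PM523931" level="ERROR" subcomp="manager"] IDS - Got Error while downloading Signature Bundle from NSX Intel Cloud
org.springframework.web.client.ResourceAccessException: I/O error on POST request for "https://api.prod.nsxti.vmware.com/2.0/auth/register": Connection timed out
'''

RECORD_START = re.compile(r'^(\d{4}-\d{2}-\d{2}T[\d:.]+Z)\s+(\w+)\s+(\S+)\s')
REQUEST_HOST = re.compile(r'request for "https?://([^/":]+)')
ERROR_CODE = re.compile(r'errorCode="([^"]+)"')

def split_records(text):
    """Attach stack-trace lines to the timestamped header line before them."""
    records = []
    for line in text.splitlines():
        if RECORD_START.match(line):
            records.append([line])
        elif records:
            records[-1].append(line)
    return records

def find_chain_failures(text):
    """Return IDS ERROR records whose trace shows a PKIX path building failure."""
    findings = []
    for rec in split_records(text):
        ts, level, thread = RECORD_START.match(rec[0]).groups()
        body = "\n".join(rec)
        if level != "ERROR" or not thread.startswith("IDS_"):
            continue  # not an IDS task error
        if "PKIX path building failed" not in body:
            continue  # IDS error with a different cause (e.g. timeout)
        host = REQUEST_HOST.search(body)
        code = ERROR_CODE.search(rec[0])
        findings.append({"time": ts,
                         "host": host.group(1) if host else None,
                         "code": code.group(1) if code else None})
    return findings

if __name__ == "__main__":
    for f in find_chain_failures(SAMPLE_LOG):
        print(f["time"], f["code"], "certificate chain not trusted for", f["host"])
```

To run it against a live system, pass the contents of /var/log/proton/nsxapi.log to find_chain_failures instead of SAMPLE_LOG.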
This is a known issue affecting NSX
As a workaround you can download the bundle offline by using the documentation link below for "Downloading Signatures Manually." Another option would be to bypass the Transparent Proxy or have an exception for this signature download process.
vDefend IDS Documentation = https://techdocs.broadcom.com/us/en/vmware-security-load-balancing/vdefend/vdefend-atp/4-2/nsx-ids-ips-and-nsx-malware-prevention/nsx-ids-ips-and-nsx-malware-prevention/getting-started-with-nsx-ids-ips-and-nsx-malware-prevention/configuring-nsx-ids-ips-and-nsx-malware-prevention-settings.html
Downloading Signatures Manually = https://techdocs.broadcom.com/us/en/vmware-security-load-balancing/vdefend/vdefend-atp/4-2/nsx-ids-ips-and-nsx-malware-prevention/nsx-ids-ips-and-nsx-malware-prevention/offline-downloading-and-uploading-nsx-intrusion-detection-signatures.html
Create a Broadcom NSX support case = https://knowledge.broadcom.com/external/article/142884/creating-and-managing-broadcom-support-c.html