WARNING #500: Module 10053 (agent Threat Feeds addresses): watch list update failed: Unexpected response code: 301 Moved Permanently

dshield.org changed the URL of this threat list.

To fix this problem, please change agent URL parameter and import site certificate into JRE truststore:

  1. Change Threat Feeds addresses agent's URL to https://secure.dshield.org/feeds/suspiciousdomains_High.txt

    agentURLParam.png

  2. Optionally, Threat Feeds IP blocks agent's URL can be changed to https://feeds.dshield.org/block.txt

  3. Stop NFO Updater (Data Feeder): /etc/init.d/nfi_updd stop

  4. Download Root Certificate OR intermediate.

    1) Root Cert: https://www.identrust.com/certificates/trustid/root-download-x3.html

    2) Intermediate: https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem.txt

  5. Import certificate into java trustore:
    1) For root cert:
    Add "-----BEGIN CERTIFICATE-----" at fist line and "-----END CERTIFICATE-----" at last line. Certificate should looks like following:
    -----BEGIN CERTIFICATE-----
    MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/
    ......
    -----END CERTIFICATE-----
    After that import certificate:
    /opt/nfi-updater/java/jre8/bin/keytool -import -alias dst-root-ca-x3 -keystore /opt/nfi-updater/java/jre8/jre/lib/security/cacerts -storepass changeit -file dst-root-ca-x3.crt

    2) For intermediate:
    /opt/nfi-updater/java/jre8/bin/keytool -import -alias lets-encrypt-x3 -keystore /opt/nfi-updater/java/jre8/jre/lib/security/cacerts -storepass changeit -file lets-encrypt-x3-cross-signed.pem.txt


  6. Start NFO Updater (Data Feeder): /etc/init.d/nfi_updd start
  7. Run agent to check configuration. If certificate hasn't been imported correctly, you would see following warning:

    certWarn.png

This issue will be fixed in NFO 2.4.9.

Have more questions? Submit a request

0 Comments

Please sign in to leave a comment.