Resolving the Problem
Auto update 9.9 or earlier: "Could not retrieve signature for manifest errors"
Administrators on auto update version 9.9 or earlier can experience connection issues due to deprecated GPG keys. When older versions of the auto update software attempt to connect to Juniper Cloud, a 'Could not retrieve signature for manifest file' error occurs. To resolve this error, administrators can run the JSA-AUProxyFP utility from the Juniper Downloads page.
Error log example:
Fri Nov  5 10:30:06 2021 [DEVEL] Downloading "dau/dau.manifest.xml.asc" and placing in "/store/autoupdates/".
Fri Nov  5 10:30:06 2021 [DEVEL] Attempting to retrieve https://auto-update.qradar.ibmcloud.com/dau/dau.manifest.xml.asc?version=7.4.3&customer=Example%20ExampleCorp.&lastau=0&lastpatch=0&vendor=Q1%20Labs
Fri Nov  5 10:30:06 2021 [INFO] Could not retrieve "dau/dau.manifest.xml.asc": 404 Not Found
Fri Nov  5 10:30:06 2021 [ERROR] Could not retrieve signature for the manifest file.
Procedure
Use SSH to log in to the JSA console as the root user.
Navigate to the /var/log/autoupdates directory.
To locate the latest auto update log, type:
ls -lart
The output displays the auto update logs by date. For example:
[root@qradar-lab]# ls -lart
drwxr-xr-x 2 root root 66 Nov 11 15:40 AU-1636662807
drwxr-xr-x 2 root root 66 Nov 10 15:40 AU-1631778909
drwxr-xr-x 2 root root 66 Nov 09 15:40 AU-1636490007
Navigate to the directory with the most recent auto update log by date.
Review the log for error messages. For example,
less AU-1636662807.log | grep 'Could not retrieve signature'
Note: If the auto update version is 9.9 or earlier and the signature error is present in your auto update log, run the AUProxyFP-9.11 update.
Download the Auto Update Fix Pack utility from the Juniper Downloads page to your laptop or workstation: AUProxyFP.tgz
Copy the file to a directory of the JSA Console, such as /root, /tmp, or /storetmp.
Navigate to the directory with the AUProxyFP.tgz file.
Type the following command to extract the file:
tar -zxvf AUProxyFP.tgz
If you experience an issue extracting the file with the tar command, type:
gunzip -c AUProxyFP.tgz | tar zxvf -
Type the following command to install the proxy fix pack:
./install.sh
In the Admin tab, click the Auto Update icon and click Get New Updates.
Optional. After you start the auto update request, you can confirm your auto update version is updated.
[root@qradar-lab]# /opt/qradar/bin/UpdateConfs.pl -v
9.10
Results
Wait for the auto update to run and confirm the update is successful. If you continue to experience errors, contact Juniper Customer Support.
Auto update 9.10 and later: "Bad signature, Rejecting the manifest errors"
Administrators on auto update version 9.10 or later can experience an issue where the au-cert.pem file is an old version, which can cause the server to return a 'Bad signature' error. If you experience this error, you can delete the au-cert.pem file from your Console and run a manual auto update.
Error log example:
Mon Nov  8 03:08:11 2021 [DEVEL] Running: openssl x509 -in /tmp/au_cert -pubkey -noout > /tmp/au_pub
Mon Nov  8 03:08:11 2021 [DEVEL] openssl dgst -sha256 -verify /tmp/au_pub -signature /store/autoupdates/scripts/AUScripts.tgz.sig /store/autoupdates/scripts/AUScripts.tgz /var/log/autoupdates/AU-1636358882/AU-1636358882.log >> /var/log/autoupdates/AU-1636358882/AU-1636358882.log 2>&1
Mon Nov  8 03:08:11 2021 [DEVEL] Output of verification command above: Verification Failure
Mon Nov  8 03:08:11 2021 [ERROR] Bad signature! Rejecting the manifest, aborting
Mon Nov  8 03:08:11 2021 [ERROR] Could not verify the authenticity of scripts/AUScripts.tgz.
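The two openssl steps in the error log above can be reproduced offline to see why a stale certificate produces the verification failure. This is an added example, not code from the product: the keys, certificates and package file are constructed in a temporary directory, the function names are hypothetical, and it assumes the server now signs with a key that differs from the one in the old certificate.

```shell
#!/usr/bin/env bash
# Added example with constructed keys and files; nothing here touches /store/autoupdates.

# verify_with_cert CERT SIG FILE: the two openssl steps from the log.
# Returns 0 (verified), 1 (verification failure), 2 (certificate unreadable).
verify_with_cert() {
    local cert="$1" sig="$2" file="$3" pub rc=0
    pub=$(mktemp) || return 2
    # Step 1: extract the public key from the locally stored certificate.
    if ! openssl x509 -in "$cert" -pubkey -noout > "$pub" 2>/dev/null; then
        rm -f "$pub"; return 2
    fi
    # Step 2: check the detached SHA-256 signature against that key.
    openssl dgst -sha256 -verify "$pub" -signature "$sig" "$file" >/dev/null 2>&1 || rc=1
    rm -f "$pub"
    return "$rc"
}

# make_cert NAME DIR: throwaway self-signed certificate and key (constructed).
make_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
        -keyout "$2/$1.key" -out "$2/$1.pem" >/dev/null 2>&1
}

# demo: sign a constructed package with the "new" key, then verify it against
# the stale and the current certificate. Prints "stale=<rc> fresh=<rc>".
demo() {
    local d stale=0 fresh=0
    d=$(mktemp -d) || return 2
    { make_cert old "$d" && make_cert new "$d"; } || { rm -rf "$d"; return 2; }
    printf 'constructed package contents\n' > "$d/AUScripts.tgz"
    openssl dgst -sha256 -sign "$d/new.key" -out "$d/AUScripts.tgz.sig" \
        "$d/AUScripts.tgz" || { rm -rf "$d"; return 2; }
    # Stale certificate: same failure class as "Bad signature!" in the log.
    verify_with_cert "$d/old.pem" "$d/AUScripts.tgz.sig" "$d/AUScripts.tgz" || stale=$?
    # Current certificate: the signature verifies.
    verify_with_cert "$d/new.pem" "$d/AUScripts.tgz.sig" "$d/AUScripts.tgz" || fresh=$?
    rm -rf "$d"
    echo "stale=$stale fresh=$fresh"
}

demo
```

A nonzero result against the stored certificate only shows that the local certificate and the signature do not match; the same failure would appear for a tampered package, so the certificate should be refreshed only through the auto update path described in the procedure.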
Procedure
Use SSH to log in to the JSA console as the root user.
Navigate to the /store/autoupdates directory.
Remove the au-cert.pem file. For example:
rm au-cert.pem
Run an auto update to receive an updated au-cert-chain.pem file. In the Admin tab, click the Auto Update icon and click Get New Updates.
Or
To start an auto update from the command line, type:
/opt/qradar/bin/UpdateConfs.pl -ds runnow 1
Results
When the Console connects to the auto update server, it replaces the removed au-cert file with a new file named au-cert-chain. Wait for the auto update to run. If the auto update fails, administrators can run the AUProxyFP-9.11 utility. For information on running AUProxyFP-9.11, see Auto update 9.9 or earlier: "Could not retrieve signature for manifest errors" in this technical note. If you continue to experience errors, contact Juniper Customer Support.