KSC 11 Download updates Failed to establish the HTTPS connection: TLS error (54). '/'

  • 4 July 2019
  • 8 replies

Hello everyone,

KSC version (with autopatch A)
KSWS version
KES version

I have a problem to download updates since yesterday (morning? last update is from 03.07.2019 - 05:58 (Zurich time)).

Failed to establish the HTTPS connection: TLS error (54). '/'

When I check the URL I can see that the trusted root certificate seems to be untrusted.

(you cannot trust this root certificate authority...)

I tried also to directly update a KES from Kaspersky servers, same error :

Is there something in your infrastucture causing that? Any knows problem?


8 replies

Further tests brought me the following data :
KSWS manual update through Kaspersky Servers (not ksc) are succeeding.
KES 11 manual update through Kaspersky Servers (not ksc) are partially succeeding (although it reports the secure connection error and task failure, database date is correct)
KES 10 update through Kaspersky Servers (not ksc) are succeeding.

The problem could come from a particular module or url.


Maybe it's this problem?

Hello Oleg,

Thanks for your answer.
Traffic security module is not running on the KSC server.

And if I check "https://s11.upd.kaspersky.com" on a lab without running with an antivirus or behind a NGFW, I have the root cert error, untrusted authority.
Still not working.
We trusted the root cert for the domain, no luck. It looks like the KSC has his own trusted cert repository?

We have a workaround but it would be great to fix that. Can you look if something happened on you side (about the kaspersky authority : "Kaspersky Lab Public Services Root Certification Authority") ?
It's kind of strange as I have 3 KSC with the same problem (different infrastructure, different domain) and 1 KSC without problem (which is a off domain server providing Kaspersky service to remote computers).

Hello guys,

After running a few days on our workaround (choosing our public KSC as master and update server), I switched back the download to Kaspersky Servers source and it seems to work now.

Did you changed something or did the workaround made things go right?

I assume this topic relates to the following description about https and certificate usage with KSC 11:


Following document is also helpful as it describe servers to use and how to switch to http instead

https://support.kaspersky.com/15052 KSC
https://support.kaspersky.com/15038 KES

Userlevel 2
hello @bsylvain

please see the link below -

Network parameters in Kaspersky Security Center 11 for interacting with external services

You can download updates via HTTP. Above link below side there is solutions for that,
klscflag.exe tool and the command line:
klscflag.exe -fset -pv klserver -s Updater -n DisableKLHttps -t d -v 1

Use Http instead of Https !!

Another problem may occurred: check the dns, if its work correctly.

have a good day.

@Joel2015 @Deadlock4400
Thank you for the infos, we're gonna check that. We are trying to avoid the downgrading to http.

Have a good day.


Reply / Ответить