Why is MetaDefender Sandbox failing to retrieve reputation data due to SSL handshake errors?

Overview:

This article addresses SSL handshake errors encountered by MetaDefender Sandbox when attempting to retrieve reputation data from https://api.metadefender.com and various external sources.

Symptoms

• SSL handshake failures when connecting to https://api.metadefender.com.
• Inability to retrieve reputation data.
• Additional errors from external sources such as:
  • alienvault.com
  • blocklist.de
  • github.com/BBcan177
  • darklist.de
  • emergingthreats.net
  • censys.io

These issues often persist even after importing the main certificate and bypassing SSL inspection for api.metadefender.com.

Root Cause:

The most common cause is network-level restrictions or firewall rules that block outbound connections to required external reputation sources.

Resolution

Follow the steps below to resolve the SSL handshake issues:

1. Import the SSL Certificate

Export the SSL certificate from https://api.metadefender.com in .cer format and install it into the trusted store:

sudo cp _.metadefender.com.cer /usr/local/share/ca-certificates/_.metadefender.com.cer sudo update-ca-certificates

Reboot the system to apply the changes:

sudo reboot

2. Allow External Connectivity

Ensure the firewall allows outbound access to the following reputation sources:

• alienvault.com
• blocklist.de
• github.com/BBcan177
• darklist.de
• emergingthreats.net
• censys.io

Workarounds

If firewall adjustments are not feasible, update errors related to these external sources can be safely ignored. MetaDefender Sandbox uses internal reputation sources (including IP blocklists) that enable it to continue operating effectively even without external updates.

Additional Recommendations

• Ensure the system meets minimum hardware requirements. At least 32 GB RAM is required for stable performance. Technical Requirements - MetaDefender Sandbox
• Regularly verify outbound network access if the environment’s security policies change.