What does this IPS message indicate?

Answered Question
Dec 18th, 2008

evError: eventId=1229364010346777529 vendor=Cisco severity=warning

originator:

hostId: IPS

appName: cidwebserver

appInstanceId: 22081

time: Dec 18, 2008 19:30:56 UTC offset=0 timeZone=-8

errorMessage: received fatal alert: certificate_unknown

Messages, like this one, in the category - receipt of TLS fatal alert message - were logged 1795 times in the last 3601 seconds. name=errWarning

I have this problem too.
0 votes
Correct Answer by jguertin2 about 8 years 1 week ago

In its simplest form, the command is:

packet display

although there are additional parameters that you can specify. Use ? to see the options.

Correct Answer by marcabal about 8 years 1 month ago

Soemthing is try to connect to your sensor using an incorrect TLS certificate.

This error is very common in situations where your sensor now has a newer TLS certificate (usually becuase of re-imaging the sensor, or creating a new TLS certificate because the older one expired).

Go to all of your management station boxes and ensure that they have been updated with the sensor's new TLS certificate.

If you are not sure which management boxes may not have been updated, then run the packet display command on the sensor's management interface and look to see which IPs are attempting to connect to your sensor's web server.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.
Correct Answer
marcabal Thu, 12/18/2008 - 12:49

Soemthing is try to connect to your sensor using an incorrect TLS certificate.

This error is very common in situations where your sensor now has a newer TLS certificate (usually becuase of re-imaging the sensor, or creating a new TLS certificate because the older one expired).

Go to all of your management station boxes and ensure that they have been updated with the sensor's new TLS certificate.

If you are not sure which management boxes may not have been updated, then run the packet display command on the sensor's management interface and look to see which IPs are attempting to connect to your sensor's web server.

saidfrh Thu, 12/18/2008 - 12:58

What is the command to run "the packet display command on the sensor's management interface and look to see which IPs are attempting to connect to your sensor's web server."

Correct Answer
jguertin2 Mon, 01/12/2009 - 12:19

In its simplest form, the command is:

packet display

although there are additional parameters that you can specify. Use ? to see the options.

Actions

This Discussion