IPS : HOST certificate issue...

Answered Question
Jul 2nd, 2010
User Badges:

Dear All,


I have doubt on host certificate:


I have two AIP-SSM module shows different host certificate value though i have installed/configured both on same date.


I am not very sure what this host certificate is.. could any1 help me to understand it.. and what is impect if it doesnt match...


IPS in Active ASA:

Host Certificate Valid from: 12-Jan-2009 to 13-Jan-2011

IPS in standby ASA:

Host Certificate Valid from: 04-Jun-2009 to 05-Jun-2011

Regards

Amar

Correct Answer by Scott Fringer about 6 years 9 months ago

Amar;


  The host certificate is used for establishing secure communication between the sensor and managing devices such as IPS Manager Express, CS-MARS, etc.  It can be re-generated from the CLI by issuing:


tls generate-key


  It will be valid for two years from the date it was generated.


Scott

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4.5 (2 ratings)
Loading.
Correct Answer
Scott Fringer Fri, 07/02/2010 - 11:14
User Badges:
  • Cisco Employee,

Amar;


  The host certificate is used for establishing secure communication between the sensor and managing devices such as IPS Manager Express, CS-MARS, etc.  It can be re-generated from the CLI by issuing:


tls generate-key


  It will be valid for two years from the date it was generated.


Scott

amardram123 Sat, 07/03/2010 - 01:32
User Badges:

Thanks scott,


Does it require any license or any other details to genrate... or i can simply issue the command "tls generate-key" and it will work...


Regards

Amar...

w-collazo Wed, 02/09/2011 - 05:31
User Badges:

Thanks. My problem started when i could no longer communicate to the sensor and IME was displaying "not connected" for one of my senors. I actually unistalled Cisco IME, Upgrade to version 7.0.3 and then notice i was getting an error in regards to the Certificate. I came across this forum and it solved my problem in a matter of seconds. Thanks.


Ricky Morales

Actions

This Discussion