cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
5389
Views
9
Helpful
5
Replies

IPS : HOST certificate issue...

amardram123
Level 1
Level 1

Dear All,

I have doubt on host certificate:

I have two AIP-SSM module shows different host certificate value though i have installed/configured both on same date.

I am not very sure what this host certificate is.. could any1 help me to understand it.. and what is impect if it doesnt match...

IPS in Active ASA:

Host Certificate Valid from: 12-Jan-2009 to 13-Jan-2011

IPS in standby ASA:

Host Certificate Valid from: 04-Jun-2009 to 05-Jun-2011

Regards

Amar

1 Accepted Solution

Accepted Solutions

Scott Fringer
Cisco Employee
Cisco Employee

Amar;

  The host certificate is used for establishing secure communication between the sensor and managing devices such as IPS Manager Express, CS-MARS, etc.  It can be re-generated from the CLI by issuing:

tls generate-key

  It will be valid for two years from the date it was generated.

Scott

View solution in original post

5 Replies 5

Scott Fringer
Cisco Employee
Cisco Employee

Amar;

  The host certificate is used for establishing secure communication between the sensor and managing devices such as IPS Manager Express, CS-MARS, etc.  It can be re-generated from the CLI by issuing:

tls generate-key

  It will be valid for two years from the date it was generated.

Scott

Thanks scott,

Does it require any license or any other details to genrate... or i can simply issue the command "tls generate-key" and it will work...

Regards

Amar...

The certificate is self-signed and not tied to the licensing function.

Thank you,
Blayne Dreier
Cisco TAC IDS Team

**Please check out our Podcast**
TAC Security Show: http://www.cisco.com/go/tacsecuritypodcast

Thanks..

Its working now..

Regards

Amar

Thanks. My problem started when i could no longer communicate to the sensor and IME was displaying "not connected" for one of my senors. I actually unistalled Cisco IME, Upgrade to version 7.0.3 and then notice i was getting an error in regards to the Certificate. I came across this forum and it solved my problem in a matter of seconds. Thanks.

Ricky Morales

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: