01-23-2007 01:42 AM - edited 03-10-2019 03:26 AM
Hi all,
I use Catalyst 6513 (Router IOS) + IDSM-2 and use Cisco VMS 2.3 to manage IDSM-2. I upgraded IDSM-2 from version 4 to version 5. However, after the update completed, when I use Cisco VMS 2.3 to query the IDSM-2, I see an error:
"status: Error importing configuration files from the sensor - Unable to get sensor version from the sensor. Possible reason: X.509 certificate is invalid or sensor version was downgraded."
01-23-2007 06:02 PM
Hi,
Normally doing the following fixes the problem.
You need to regenerate the IDSMC Certificate and add the VMS as the trusted host to the sensor.
To generate the certificate do the following.
c:\progra~1\cscopx\mdc\apache\gencert.bat
where c: drive is the drive you installed your VMS.
After this is done, please restart the CiscoWorks Daemon Manager.
You will also need to generate a TLS key as well as manually re-install the TLS certificate on your sensor.
tls trusted-host from the IPS CLI and specify your VMS's IP address.
tls generate-key
no tls trusted-host ip-address (vms server ip)
tls trusted-host ip-address (vms server ip)
Thanks.
Edward
01-23-2007 06:17 PM
Thank you for your answer, however, I can't do that because when I type:
E:\>CSCOpx\MDC\Apache\gencert.bat
E:\>\openssl.exe req -config \conf\ssl\openssl.conf -new -nodes -out \conf\ssl\server.csr -keyout \conf\ssl\server.key
'\openssl.exe' is not recognized as an internal or external command,
operable program or batch file.
E:\>\openssl.exe x509 -in \conf\ssl\server.csr -out \conf\ssl\server.cert -req -signkey \conf\ssl\server.key -days 365
'\openssl.exe' is not recognized as an internal or external command,
operable program or batch file.
If you know the cause, please answer me early.
Thanks
01-23-2007 06:25 PM
Hi,
Could you search your drives to see where the 'openssl.exe' file is?
Thank you.
Edward
01-23-2007 06:29 PM
I see openssl in
1) E:\CSCOpx\MDC\apache
2) E:\CSCOpx\lib\web
openssl.exe-CSCec43722-1 in E:\CSCOpx\MDC\apache
Now, what must I do?
Thanks,
Duy Khang
01-23-2007 06:35 PM
Could you look at the gencert.bat file?
If the batch file does not have the correct paths, please correct them.
Thank you.
Edward
01-23-2007 06:36 PM
The batch file has the correct path.
01-23-2007 06:43 PM
Could you post the batch file content?
Thank you.
Edward
01-23-2007 06:52 PM
The content of batch file:
%1\openssl.exe req -config %1\conf\ssl\openssl.conf -new -nodes -out %1\conf\ssl\server.csr -keyout %1\conf\ssl\server.key
%1\openssl.exe x509 -in %1\conf\ssl\server.csr -out %1\conf\ssl\server.cert -req -signkey %1\conf\ssl\server.key -days 365
01-23-2007 06:56 PM
Hi,
Try to build another batch file with this content and try the batch file. Please note that there are 3 lines. (1 short one and 2 long ones)
set PATH=E:\CSCOpx\bin;%PATH%
E:\CSCOpx\MDC\Apache\openssl req -config E:\CSCOpx\MDC\Apache\conf\ssl\openssl.conf -new -nodes -out E:\CSCOpx\MDC\Apache\conf\ssl\server.csr -keyout E:\CSCOpx\MDC\Apache\conf\ssl\server.key
E:\CSCOpx\MDC\Apache\openssl x509 -in E:\CSCOpx\MDC\Apache\conf\ssl\server.csr -out E:\CSCOpx\MDC\Apache\conf\ssl\server.cert -req -signkey E:\CSCOpx\MDC\Apache\conf\ssl\server.key -days 365
01-23-2007 07:36 PM
When I run the batch file, it asks me 2 questions:
1) Click the program you want to use to open "server.csr"
2) Click the program you want to use to open "server.csrt"
I don't know which programs to choose to open the 2 files above.
01-23-2007 07:40 PM
Hi,
You may see 5 lines from the output but there are only 3 lines.
Please make them into 3 lines and try it again.
Thank you.
Edward
01-23-2007 08:15 PM
Dear Sir,
I have done what you said. However, I can't import IDSM-2 from Cisco VMS. I see the same error as in the first post.
I have completed the update for the first IDSM-2 but I can't update the second IDSM-2. I use Cisco VMS to manage both IDSM-2.
The first time, when I installed IPS v5 on the first IDSM-2, I saw the graphical interface of Cisco VMS v2.2 change from v4 to v5.
The second time, when I installed IPS v5 on the second IDSM-2, I didn't see the graphical interface of Cisco VMS v2.2 change; the graphical interface is still version 4.
Maybe VMS v2.2 has an error connecting to IDSM-2?
01-23-2007 08:25 PM
Hi,
Could you delete the sensor from the IPSMC and try to re-add the sensor?
Thank you.
Edward
01-23-2007 08:32 PM
Thank you very much.
I have finished the update. I deleted the sensor and then imported the sensor.
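The certificate regeneration discussed in this thread, as an added example that is not part of any post and is not Cisco's gencert.bat: a batch wrapper that takes the Apache directory as its argument (the %1 of the stock script, which expanded to nothing in the failed run quoted above), falls back to the thread's E:\CSCOpx\MDC\Apache path, and checks the result before the Daemon Manager is restarted. The file name gencert-check.bat, the temp file names and the RSA key type are assumptions.

```bat
@echo off
setlocal
rem gencert-check.bat [apache-dir]  (hypothetical name; added example)
rem Default is the install path seen in this thread; adjust for your server.
set "APACHE=%~1"
if "%APACHE%"=="" set "APACHE=E:\CSCOpx\MDC\Apache"
set "SSL=%APACHE%\conf\ssl"

rem Fail early instead of letting an empty path turn into \openssl.exe.
if not exist "%APACHE%\openssl.exe" (
    echo ERROR: openssl.exe not found in "%APACHE%"
    exit /b 1
)
if not exist "%SSL%\openssl.conf" (
    echo ERROR: openssl.conf not found in "%SSL%"
    exit /b 1
)

rem Same two steps as the posted gencert.bat: key + CSR, then self-sign.
"%APACHE%\openssl.exe" req -config "%SSL%\openssl.conf" -new -nodes -out "%SSL%\server.csr" -keyout "%SSL%\server.key"
if errorlevel 1 exit /b 1
"%APACHE%\openssl.exe" x509 -in "%SSL%\server.csr" -out "%SSL%\server.cert" -req -signkey "%SSL%\server.key" -days 365
if errorlevel 1 exit /b 1

rem Confirm server.cert belongs to server.key and is not a stale file.
rem Assumes openssl.conf produces an RSA key; the modulus is public data.
"%APACHE%\openssl.exe" x509 -noout -modulus -in "%SSL%\server.cert" > "%TEMP%\gencert_cert.mod"
"%APACHE%\openssl.exe" rsa -noout -modulus -in "%SSL%\server.key" > "%TEMP%\gencert_key.mod"
fc "%TEMP%\gencert_cert.mod" "%TEMP%\gencert_key.mod" > nul
if errorlevel 1 (
    echo ERROR: server.cert does not match server.key
    del "%TEMP%\gencert_cert.mod" "%TEMP%\gencert_key.mod"
    exit /b 1
)
del "%TEMP%\gencert_cert.mod" "%TEMP%\gencert_key.mod"

rem Print subject, validity window and fingerprint of the new certificate
rem so they can be recorded and checked wherever the certificate is trusted.
"%APACHE%\openssl.exe" x509 -in "%SSL%\server.cert" -noout -subject -dates -fingerprint
echo Certificate regenerated. Restart the CiscoWorks Daemon Manager next.
endlocal
```

Because req is run with -nodes, server.key is written unencrypted, so restrict its file permissions to the account that runs the VMS web server.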