Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
Start a conversation
1017
Views
0
Helpful
8
Replies

Adding Multiple IPSs to IME

Go to solution
learnsec
Level 1
Level 1

ā€Ž12-14-2011 04:47 AM - edited ā€Ž03-10-2019 05:33 AM

hello,

while trying to add multiple IPSs to the IME interface, i added the first IPS successfully, but when i try to add any other IPS device i got an error  "IO Exception when try to get certificate..."

please find error attached.

anyone can advice where is the issue?

regards,

Labels:
Preview file
26 KB
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
andrey.dugin
Level 1
Level 1
In response to learnsec

ā€Ž12-14-2011 05:36 AM

I don't know how MARS will react on TLS-certificate regeneration but I know that you'll not add sensor to IPS without certificate renew.

View solution in original post

0 Helpful

Go to solution
andrey.dugin
Level 1
Level 1
In response to learnsec

ā€Ž12-14-2011 05:41 AM

It will be very difficult procedure so I say "no, it is impossible to revert to old certificate". But it is interesting that MARS doesn't say you any warning about certificate expired in Jul, 22.

View solution in original post

0 Helpful
8 Replies 8

Go to solution
andrey.dugin
Level 1
Level 1

ā€Ž12-14-2011 04:54 AM

Your TLS certificate on the sensor is expired.

Login to sensor CLI and regenerate it by command:

tls generate-key

0 Helpful

Go to solution
learnsec
Level 1
Level 1
In response to andrey.dugin

ā€Ž12-14-2011 05:02 AM

do that have any relation if i have cs-mars in place that is collecting logs?

in other words, can ips report logs Simultaneously to cs-mars and ime right? and my problem is not related to this issue?

if so then tls generate key will not affect the IPS config on CS-mars right?

0 Helpful

Go to solution
andrey.dugin
Level 1
Level 1
In response to learnsec

ā€Ž12-14-2011 05:26 AM

Your problem is only in certificate expiration as I can see it.

What protocol do you use in MARS<->IPS relationship?

0 Helpful

Go to solution
learnsec
Level 1
Level 1
In response to andrey.dugin

ā€Ž12-14-2011 05:33 AM

Access type is SSL!

0 Helpful

Go to solution
andrey.dugin
Level 1
Level 1
In response to learnsec

ā€Ž12-14-2011 05:36 AM

I don't know how MARS will react on TLS-certificate regeneration but I know that you'll not add sensor to IPS without certificate renew.

0 Helpful

Go to solution
learnsec
Level 1
Level 1
In response to andrey.dugin

ā€Ž12-14-2011 05:38 AM

can we revert back if we generated tls certificate and we faced any porblem?

0 Helpful

Go to solution
andrey.dugin
Level 1
Level 1
In response to learnsec

ā€Ž12-14-2011 05:41 AM

It will be very difficult procedure so I say "no, it is impossible to revert to old certificate". But it is interesting that MARS doesn't say you any warning about certificate expired in Jul, 22.

0 Helpful

Go to solution
learnsec
Level 1
Level 1
In response to andrey.dugin

ā€Ž12-14-2011 05:50 AM

welcome to CiSco Devices

i generated the  new tls certifcate,

i asked mars to rediscover, i got  an error related to a new certificate to accept, i accepted it and things with mars got fine, i checked with IME and problem is solved.

thanks man for you help,

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card