Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5418
Views
9
Helpful
5
Replies

IPS : HOST certificate issue...

Go to solution
amardram123
Level 1
Level 1

‎07-02-2010 04:49 AM - edited ‎03-10-2019 05:02 AM

Dear All,

I have doubt on host certificate:

I have two AIP-SSM module shows different host certificate value though i have installed/configured both on same date.

I am not very sure what this host certificate is.. could any1 help me to understand it.. and what is impect if it doesnt match...

IPS in Active ASA:

Host Certificate Valid from: 12-Jan-2009 to 13-Jan-2011

IPS in standby ASA:

Host Certificate Valid from: 04-Jun-2009 to 05-Jun-2011

Regards

Amar

1 person had this problem
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Scott Fringer
Cisco Employee
Cisco Employee

‎07-02-2010 11:14 AM

Amar;

  The host certificate is used for establishing secure communication between the sensor and managing devices such as IPS Manager Express, CS-MARS, etc.  It can be re-generated from the CLI by issuing:

tls generate-key

  It will be valid for two years from the date it was generated.

Scott

View solution in original post

5 Replies 5

Go to solution
Scott Fringer
Cisco Employee
Cisco Employee

‎07-02-2010 11:14 AM

Amar;

  The host certificate is used for establishing secure communication between the sensor and managing devices such as IPS Manager Express, CS-MARS, etc.  It can be re-generated from the CLI by issuing:

tls generate-key

  It will be valid for two years from the date it was generated.

Scott

Go to solution
amardram123
Level 1
Level 1
In response to Scott Fringer

‎07-03-2010 01:32 AM

Thanks scott,

Does it require any license or any other details to genrate... or i can simply issue the command "tls generate-key" and it will work...

Regards

Amar...

0 Helpful

Go to solution
Christopher Dreier
Level 3
Level 3
In response to amardram123

‎07-04-2010 02:17 PM

The certificate is self-signed and not tied to the licensing function.

Thank you,
Blayne Dreier
Cisco TAC IDS Team

**Please check out our Podcast**
TAC Security Show: http://www.cisco.com/go/tacsecuritypodcast

Go to solution
amardram123
Level 1
Level 1
In response to Christopher Dreier

‎07-19-2010 03:11 AM

Thanks..

Its working now..

Regards

Amar

0 Helpful

Go to solution
w-collazo
Level 1
Level 1
In response to Scott Fringer

‎02-09-2011 05:31 AM

Thanks. My problem started when i could no longer communicate to the sensor and IME was displaying "not connected" for one of my senors. I actually unistalled Cisco IME, Upgrade to version 7.0.3 and then notice i was getting an error in regards to the Certificate. I came across this forum and it solved my problem in a matter of seconds. Thanks.

Ricky Morales

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card