Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

IPS : HOST certificate issue...

Dear All,

I have doubt on host certificate:

I have two AIP-SSM module shows different host certificate value though i have installed/configured both on same date.

I am not very sure what this host certificate is.. could any1 help me to understand it.. and what is impect if it doesnt match...

IPS in Active ASA:

Host Certificate Valid from: 12-Jan-2009 to 13-Jan-2011

IPS in standby ASA:

Host Certificate Valid from: 04-Jun-2009 to 05-Jun-2011

Regards

Amar

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: IPS : HOST certificate issue...

Amar;

  The host certificate is used for establishing secure communication between the sensor and managing devices such as IPS Manager Express, CS-MARS, etc.  It can be re-generated from the CLI by issuing:

tls generate-key

  It will be valid for two years from the date it was generated.

Scott

5 REPLIES
Cisco Employee

Re: IPS : HOST certificate issue...

Amar;

  The host certificate is used for establishing secure communication between the sensor and managing devices such as IPS Manager Express, CS-MARS, etc.  It can be re-generated from the CLI by issuing:

tls generate-key

  It will be valid for two years from the date it was generated.

Scott

New Member

Re: IPS : HOST certificate issue...

Thanks scott,

Does it require any license or any other details to genrate... or i can simply issue the command "tls generate-key" and it will work...

Regards

Amar...

Re: IPS : HOST certificate issue...

The certificate is self-signed and not tied to the licensing function.

Thank you,
Blayne Dreier
Cisco TAC IDS Team

**Please check out our Podcast**
TAC Security Show: http://www.cisco.com/go/tacsecuritypodcast

New Member

Re: IPS : HOST certificate issue...

Thanks..

Its working now..

Regards

Amar

New Member

Re: IPS : HOST certificate issue...

Thanks. My problem started when i could no longer communicate to the sensor and IME was displaying "not connected" for one of my senors. I actually unistalled Cisco IME, Upgrade to version 7.0.3 and then notice i was getting an error in regards to the Certificate. I came across this forum and it solved my problem in a matter of seconds. Thanks.

Ricky Morales

4336
Views
9
Helpful
5
Replies