New Member

issue logging into sensor (screenshot)

I just recently took over here and was trying to gain access to the two sensors we have in the environment. I was able to log into one, but when I tried to log in to the second sensor, it gave me a strange error (see screenshot). I'm using the Cisco IME to access the sensors. Any ideas? Thanks

1 ACCEPTED SOLUTION

issue logging into sensor (screenshot)

It looks like the self-signed certificate on the 10.11.19.41 sensor has expired. If you try to SSH to the device with PuTTY, you can issue the "show version" command to confirm. At the bottom of the output, you will see a section titled "Host Certificate Valid from:". To regenerate a new key, you can execute the "tls generate-key" command from the CLI. Once completed, go back to IME and open the 10.11.19.41 device settings and then click OK. This will force IME to poll the device for the updated certificate. Below is a snippet from one of my lab sensors.

MainApp            S-2011_NOV_21_16_13_7_1_2_48   (Release)   2011-11-21T16:15:59-0600   Running

AnalysisEngine     S-2011_NOV_21_16_13_7_1_2_48   (Release)   2011-11-21T16:15:59-0600   Running

CollaborationApp   S-2011_NOV_21_16_13_7_1_2_48   (Release)   2011-11-21T16:15:59-0600   Running

CLI                S-2011_NOV_21_16_13_7_1_2_48   (Release)   2011-11-21T16:15:59-0600

Upgrade History:

* IPS-sig-S625-req-E4       00:25:24 UTC Wed Feb 15 2012

  IPS-sig-S625-req-E4.pkg   00:29:25 UTC Wed Feb 15 2012

Recovery Partition Version 1.1 - 7.1(3)E4

Host Certificate Valid from: 16-Mar-2011 to 16-Mar-2013

R057-4270-2# tls ?

generate-key     Regenerate server's self-signed X.509 certificate.

R057-4270-2# tls generate-key
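
An added example, not part of the original post: a small Python check that reads the "Host Certificate Valid from:" line out of saved "show version" output and reports whether the sensor certificate is expired or close to expiring. The function names, the 30-day warning window, and treating the end date as still valid are assumptions; the date format is the one shown in the snippet above.

```python
import re
from datetime import date

MONTHS = {m: i for i, m in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), start=1)}

# The validity line as it appears at the bottom of `show version` in the post.
VALIDITY_RE = re.compile(
    r"Host Certificate Valid from:\s*(\d{1,2})-([A-Za-z]{3})-(\d{4})"
    r"\s+to\s+(\d{1,2})-([A-Za-z]{3})-(\d{4})")

def parse_validity(show_version_text):
    """Return (not_before, not_after) as dates, or None if absent or malformed."""
    m = VALIDITY_RE.search(show_version_text)
    if not m:
        return None
    d1, mon1, y1, d2, mon2, y2 = m.groups()
    try:
        return (date(int(y1), MONTHS[mon1.title()], int(d1)),
                date(int(y2), MONTHS[mon2.title()], int(d2)))
    except (KeyError, ValueError):
        return None  # unknown month name or impossible day

def cert_status(show_version_text, today, warn_days=30):
    """Classify the host certificate as of `today`; returns (state, days_left)."""
    validity = parse_validity(show_version_text)
    if validity is None:
        return ("unknown", None)
    not_before, not_after = validity
    days_left = (not_after - today).days
    if today < not_before:
        return ("not-yet-valid", days_left)
    if days_left < 0:   # assumption: the end date itself still counts as valid
        return ("expired", days_left)
    if days_left <= warn_days:
        return ("expiring", days_left)
    return ("ok", days_left)

# Constructed sample: two lines copied from the lab-sensor snippet in the post.
SAMPLE = """Recovery Partition Version 1.1 - 7.1(3)E4
Host Certificate Valid from: 16-Mar-2011 to 16-Mar-2013
"""

if __name__ == "__main__":
    for day in (date(2012, 2, 15), date(2013, 3, 1), date(2013, 4, 1)):
        print(day, cert_status(SAMPLE, day))
```

Running this over saved output from each sensor ahead of time shows which certificates need "tls generate-key" before IME starts rejecting them.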

4 REPLIES

New Member

issue logging into sensor (screenshot)

Thanks, since this is a production box, I need to know if this command could have any adverse effects on the system? I don't see why it would, but I can't really take any chances without doing my research, thanks

lp

issue logging into sensor (screenshot)

If this single instance of IME is the only log collector in your environment, it should be safe to regenerate the certificate on the production sensor. If you had a number of log collectors (i.e., IME, MARS, CSM, etc.), you would want to coordinate the effort in order to prevent a DoS of the web server on the sensor due to certificate authentication failures.

New Member

issue logging into sensor (screenshot)

Fortunately it looks like the guys that installed the sensors (are all gone now) didn't set anything up other than the management IP addresses.  I don't think they are doing anything at the moment.
