Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

certificate error

I get the following error when trying to update the sensor (from IDSMC 1.2.3).

An error occurred while running the update script on the sensor named sensor. Detail = CLI Error: "The host is not trusted. Add the host to the system's trusted TLS certificates."

This is on a newly imaged 4210 sensor built with the 4.1.1(S47) build disk.

I've tried to regenerate the Certificate but am either not doing it correctly or somthing is going awry.

I've also tried to remove the sensor from the MC and generate new keys and then re-add it but I get the same result.

Cisco Employee

Re: certificate error

With the changing of certificates on the IDS MC you may have confused the sensor. It may be comparing an older certificate.

Go to the sensor CLI and enter the configure terminal mode (conf t).

Then type:

tls trusted-host ip-address [ port ]

using the and for your IDS MC box

For more information on the command:

This will download the latest ceritifate for IDS MC and you can have the sensor accept the certificate.

Then try the upgrade again and see if it works.

Cisco Employee

Re: certificate error

Just to let you know,

I just saw a new DDTS Issue with similar symptoms:


You may want to check and see if this could be the same problem you are seeing.

New Member

Re: certificate error

Nope. I got the exact same issue. About an hour later I even deleted the device from the MC and readded it with the same results.

On an added note: When I go to the IDS MC from the CW2K I get an error that states that the security certificate is invalid or has expired and that the name on the security certificate does not match the site.

So it looks like the certificate has expired (when I go to the certificate details).

Cisco Employee

Re: certificate error

In reading through the documentation it looks the certificate is only good for 1 year.

If you have been running IDS MC for nlonger than a year that would explain the expiration.

Another possibility is that the time on your IDS MC server may be off by a year or more.

Check the date on your IDS MC server to ensure that it is configured for today's date, and not some year in the past or in the future.

Then create a new certificate and try again.

Here is the doc that I could find on CCO that talks about certificates (not sure if it is the right one or not):

New Member

Re: certificate error

Yup. We've been running it longer than a year. The Date and Time are correct on the system.

And that URL details the Certificate for the CW2K certificate, and not the certificate for the IDS MC (I only get that warning box when I launch the IDS MC) which uses the Shared Services certificate as shown in the

VPN/Security Manager - Administration - Configuration - Certificate

Any ideas on this one?

Cisco Employee

Re: certificate error

You've gone past my area of expertise.

Maybe someone else on this forum can provide some help?

If you don't get any other responses, then I would suggest opening a TAC case if you haven't already done so.

CreatePlease to create content