ASA-SSM-10 with IME: certificate expiration

ASDM and IDM work fine with my SSM. I'm attempting to add my SSM as a new device into (just installed) IME 7.0.1. Dialog box says:
IOException when try to get certificate: java.security.cert.CertificateExpired Exception: NotAfter: Tue Jul 28 04:44:51 EDT 2009
What is the issue here, and how do I fix it?
Thanks in advance,
-- Bill

Found answer to this, via Cisco Service Request. Used CLI on AIP-SSM:
sensor# tls generate-key
Then I refreshed sensor details in IME, tried adding a new device and all worked fine. IME has the AIP-SSM reporting I was after, so - good deal.

Similar Messages

  • Asa ssh/vnc plugins digital certificates expired

    Hi,
    we've got our new asa set up now (more or less). But what gets us is that the Cisco ssh/vnc plugins and the java applet for port forwarding all come up with "digital certificate expired". Now this is not going to instill confidence in our users.
    We are running 8.0(4)3 and asdm 6.1(3) and the plugins are the latest available from Cisco's software download page
    (ssh-plugin.08030, vnc-plugin.080130).
    Are newer ones available?
    Thanks
    Dorothea

    BTW this could be of help:
    http://www.cisco.com/en/US/docs/security/asa/asa80/release/notes/asarn80.html#wp241924
    You probably want to install a code signer certificate.
    While this seems to be what you're looking for, I have never managed to generate a bundle such that Java doesn't complain at all anymore...

  • Problems with auto-enroll with the certificate expiration

    Hello,
    we have routers that work with certificates. We have problems with the auto-enroll when the certificates go to expire.
    ?Can somebody help?
    I can send mor debug o configurations.
    We attach a debug.
    Very thanks

    Hello,
    I attach the debug.
    Very thanks

  • My program turn on with a Certificate expirated.

    My aplication (RMISSLSecuritySocket), it�s switched on with a expirate certificate.
    Why?

    hello,
    May be explication here:
    http://sunsolve.sun.com/search/document.do?assetkey=1-26-57436-1
    i have a question too :
    i'm a old developpers java but actually i begin works on java mobility and i don't know how can i do to sign application?
    i use apdu connection for communication with sim card i open sucefully application with the slot card but when i try to enter pin or operateur pin wit "exchange command" i have an exception security.
    After long research i conclud that the middlet must be signing but i don't know how to proced.
    I must buy signing digital id from "verisign" or there are other ways to do this?
    Thanks

  • Licese Expire on ASA Platform:ASA-SSM-20

    Dear Sir/Mada,
    Currently i have Cisco ASA 5520 with  ( Platform: ASA-SSM-20) and the license expire on next month.
    Could you let me know the P/N should i order to renewal?
    Best Regards,
    Rechard.

    Have you renewed your IPS license yet? Not sure what question you are asking, however you can renew your IPS smartnet through your vendor or directly with Cisco. You just need to provide you contract number or your Serial number of your IPS device. While you are in the process of renewing your contract, you can get a temporary license from cisco
    https://tools.cisco.com/SWIFT/Licensing/PrivateRegistrationServlet?DemoKeys=Y
    Let us know if you still need any assistance with this.

  • Computer certificates expiring within 6 weeks disappearing from machines when computer certificates from two certificate authorities are present

    2008 R2 single tier enterprise certificate authority with root certificate expiring within 6 weeks, also domain controller
    2012 R2 single tier enterprise certificate authority with root certificate valid for more than the next year, also domain controller
    Both servers are approved as certificate authorities for the domain and can issue computer certificates using the computer certificate template. There is a group policy object applied to all workstations that contains an automatic computer certificate request,
    but the actual "certificate services client auto-enrollment" element is "not configured". This process seems to work like a round robin in that computers with no certificate can wind up with a certificate from either certificate
    authority. I need all PCs to have both certs for a DirectAccess migration. I have successfully used SCCM to ensure all PCs have both certificates using compliance rules and a script using certreq.exe.
    A machine will keep both certs until the older computer certificate moves into the 6 week window of expiration, then it gets purged. I have observed this behavior for over a month, even when the CA root certificate wasn't so close to expiring. I
    can't figure out what setting is triggering the purge, but need to stop it. Maybe it's coming from default settings in local machine policy for an element that should be disabled in the group policy object supplying the automatic certificate request?
    The worst part of this issue is that I can't recreate the purging behavior with gpupdates or restarts on my test machines.

    You should not be using Automatic Certificate Request Service (ACRS) for this - it was designed for Windows 2000 and is generally deprecated. Secondly, the reason it is acting like a round-robin as you describe it, is that templates are generally configured
    to attempt to renew within 6 weeks of their expiration. Since the 2008 R2 CA is expiring within 6 weeks, it cant issue anything longer than its own remaining lifetime. It is a well known issue that issuing a certificate within the renewal period will cause
    problems.
    What you should do it use AutoEnrollment and issue a certificate with a very small renewal period (1 week perhaps) by creating a custom V2 template and issuing that from your 2008 R2 CA. Then on the 2012 R2 CA you will need ANOTHER template, as the computer
    will only enroll for a certificate from each template. This one can be configured with a normal lifetime and renewal period.
    Mark B. Cooper, President and Founder of PKI Solutions Inc., former Microsoft Senior Engineer and subject matter expert for Microsoft Active Directory Certificate Services (ADCS). Known as “The PKI Guy” at Microsoft for 10 years. Connect with Mark at http://www.pkisolutions.com

  • FNPLicensingService.exe associated with Acrobat 9 Standard - unverified ... certificate expired

    FNPLicensingService.exe associated with Acrobat 9 Standard - unverified ... certificate expired
    Why is this?

    Thanks.  That worked!   Back in the sunshine again
    The message is as seen below : "signature is timestamped but TS has expired"
    I am assuming this is the right message.  If not, do respond.

  • SSL Re-encryption with Portal and Web Dispatcher: certificate expired

    Hello,
    I am trying to set up HTTPS connection to the Portal through SAP Web Dispatcher. We are using SSL Re-encryption. I think I got everything set up correctly. When trying to access through a Web browser the web dispatcher trace file shows error message 'certificate expired'. Looking at the Portal (Visual admin - Keystore) I am pretty sure it is the service-ssl with localhost. It is expired. Two questions:
    - is it correct that it uses localhost or am I missing anything?
    - How would I recreate the certificate? (I am sure it is somewhere in the Online documentation, but haven't found it yet). Can I do this while the Portal is productive without breaking the normal access (http) to the Portal. This is our Production portal.
    Thanks,
    Ingrid

    Hi,
    Go thru the contents of SAP Note,
    685306 -Enabling SSL and renewing the J2EE certificate
    And also the help contents in,
    http://help.sap.com/saphelp_nw04/helpdata/en/65/6a563cef658a06e10000000a11405a/content.htm
    These might of some help to you !
    Regards
    Srinivasan T

  • Preorderin​g game with reward certificat​e set to expire

    Hello,
    Thanks for all the help with the other questions so far. I have a reward certificate that is set to expire. Am I allowed to apply that certificate to a pre-order even though the game releases after the certificate expires?
    Thank you

    Hey again Kyle5575,
    Good question! When placing an order on BestBuy.com, funds aren't normally collected until the requested items have been shipped or picked up at one of our U.S. retail stores. Any portion of the order total paid for using gift cards or reward certificates, however, is collected when the order is submitted. These payment types do not follow the same authorization process as traditional debit or credit cards and are instantly redeemed when used.
    In other words: no need to worry! Your certificate will be automatically applied to your order as soon as it's been placed.
    Let me know if you have any other questions.
    Aaron|Social Media Specialist | Best Buy® Corporate
     Private Message

  • Failed auto update on ASA-SSM-20 The host is not trusted. Add the host to the system's trusted TLS certificates.

    Failed auto update on ASA-SSM-20 The host is not trusted. Add the host to the system's trusted TLS certificates.
      errorMessage: WebSession::sessionTask TLS connection exception: handshake incomplete.
    Messages, like this one, in the category - TLS connection failure - were logged 1464 times in the last 21461 seconds.  name=errTransport  

    Sam,
    See the other post in the list talking about your problem, "host not trusted".
    I had the same problem and the fix was to upgrade the IPS to 7.1(9)E4 . 
    Mike

  • Portal Certificate Expired with NO VA running!!!

    Hi All,
    I got one issue about Portal certificate expiration, for which SSO is not working b/w Portal and R3.
    As working on Solaris, required to re-generate the Keystore Certificate via Visual Admin, but WHAT!!!
    I am not able to run it, it says that JAVA_HOME needs to be set.
    Done (Set) but still am not able to see that VA screen. Tried thru root and SIDADM (recommended) also, but couldnt... which is turning my head 360 degrees.
    Well request you all to share your good experiences thru which i may be able to resolve the issue which is pending past 2 days and no proceedings since...
    And i guess there is no way out to increase the validity of certificate without VA. OR is there any????
    Thanks
    Piyush

    hi Anil,
    i got,
    /usr/java
    we ran the command "./go" to start visual admin, which inturn shows the error as below
    4/7/10 12:09 PM com.sap.engine.tools.launcher.Launcher Error : console output st
    ream will not be logged into a file; there was an error opening the log file
    java.io.FileNotFoundException: /usr/sap/EPD/JC01/j2ee/admin/log/console_logs/out
    put.log (Permission denied)
            at java.io.FileOutputStream.open(Native Method)
            at java.io.FileOutputStream.<init>(FileOutputStream.java:179)
            at java.io.FileOutputStream.<init>(FileOutputStream.java:131)
            at com.sap.engine.tools.launcher.Launcher.initLogs(Launcher.java:636)
            at com.sap.engine.tools.launcher.Launcher.init(Launcher.java:198)
            at com.sap.engine.tools.launcher.Launcher.main(Launcher.java:113)
    4/7/10 12:09 PM com.sap.engine.tools.launcher.Launcher Error : unable to invoke
    main class  com.sap.engine.services.adminadapter.gui.AdminFrameView
    Exception in thread "main" com.sap.engine.tools.launcher.LauncherException
            at com.sap.engine.tools.launcher.Launcher.launch(Launcher.java:340)
            at com.sap.engine.tools.launcher.Launcher.main(Launcher.java:114)
    caused by -
    java.lang.reflect.InvocationTargetException
            at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
            at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.
    java:39)
            at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces
    sorImpl.java:25)
            at java.lang.reflect.Method.invoke(Method.java:324)
            at com.sap.engine.tools.launcher.Launcher.launch(Launcher.java:336)
            at com.sap.engine.tools.launcher.Launcher.main(Launcher.java:114)
    Caused by: java.lang.InternalError: Can't connect to X11 window server using ':0
    .0' as the value of the DISPLAY variable.
            at sun.awt.X11GraphicsEnvironment.initDisplay(Native Method)
            at sun.awt.X11GraphicsEnvironment.<clinit>(X11GraphicsEnvironment.java:1
    34)
            at java.lang.Class.forName0(Native Method)
            at java.lang.Class.forName(Class.java:141)
            at java.awt.GraphicsEnvironment.getLocalGraphicsEnvironment(GraphicsEnvi
    ronment.java:62)
            at java.awt.Window.init(Window.java:231)
            at java.awt.Window.<init>(Window.java:275)
            at java.awt.Frame.<init>(Frame.java:401)
            at java.awt.Frame.<init>(Frame.java:366)
            at javax.swing.SwingUtilities$1.<init>(SwingUtilities.java:1641)
            at javax.swing.SwingUtilities.getSharedOwnerFrame(SwingUtilities.java:16
    37)
            at javax.swing.JWindow.<init>(JWindow.java:160)
            at javax.swing.JWindow.<init>(JWindow.java:112)
            at com.sap.engine.services.adminadapter.gui.AboutWindow.<init>(AboutWind
    ow.java:12)
            at com.sap.engine.services.adminadapter.gui.AdminFrameView.main(AdminFra
    meView.java:234)
            ... 6 more
    caused by -
    java.lang.reflect.InvocationTargetException
            at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
            at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.
    java:39)
            at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces
    sorImpl.java:25)
            at java.lang.reflect.Method.invoke(Method.java:324)
            at com.sap.engine.tools.launcher.Launcher.launch(Launcher.java:336)
            at com.sap.engine.tools.launcher.Launcher.main(Launcher.java:114)
    Caused by: java.lang.InternalError: Can't connect to X11 window server using ':0
    .0' as the value of the DISPLAY variable.
            at sun.awt.X11GraphicsEnvironment.initDisplay(Native Method)
            at sun.awt.X11GraphicsEnvironment.<clinit>(X11GraphicsEnvironment.java:1
    34)
            at java.lang.Class.forName0(Native Method)
            at java.lang.Class.forName(Class.java:141)
            at java.awt.GraphicsEnvironment.getLocalGraphicsEnvironment(GraphicsEnvi
    ronment.java:62)
            at java.awt.Window.init(Window.java:231)
            at java.awt.Window.<init>(Window.java:275)
            at java.awt.Frame.<init>(Frame.java:401)
            at java.awt.Frame.<init>(Frame.java:366)
            at javax.swing.SwingUtilities$1.<init>(SwingUtilities.java:1641)
            at javax.swing.SwingUtilities.getSharedOwnerFrame(SwingUtilities.java:16
    37)
            at javax.swing.JWindow.<init>(JWindow.java:160)
            at javax.swing.JWindow.<init>(JWindow.java:112)
            at com.sap.engine.services.adminadapter.gui.AboutWindow.<init>(AboutWind
    ow.java:12)
            at com.sap.engine.services.adminadapter.gui.AdminFrameView.main(AdminFra
    meView.java:234)
            ... 6 more
    Regards
    Piyush

  • How to do a factory reset ASA-SSM-10?

    Hi.
    I forgot the user for management a IPS SSM-10, when i follow the procedure to reset the password for cisco user, i can get into the module, i change the password and every thing is OK, but when i tried to configure y don´t have rights to do anything.
    if i see the privileges for the user cisco this is the result
    EDGE-IPS2# sh user
        CLI ID   User    Privilege
    *   4143     cisco   viewer
    Application Partition:
    Cisco Intrusion Prevention System, Version 6.1(1)E2
    Host:
        Realm Keys          key1.0
    Signature Definition:
        Signature Update    S364.0                   2008-10-24
        Virus Update        V1.4                     2007-03-02
    OS Version:             2.4.30-IDS-smp-bigphys
    Platform:               ASA-SSM-10
    Serial Number:          JAF1208BNPP
    License expired:        20-Jun-2009 UTC
    Sensor up-time is 1:09.
    Using 657850368 out of 1032495104 bytes of available memory (63% usage)
    system is using 17.7M out of 29.0M bytes of available disk space (61% usage)
    application-data is using 41.5M out of 166.8M bytes of available disk space (26% usage)
    boot is using 40.5M out of 68.6M bytes of available disk space (62% usage)
    MainApp          M-2008_APR_24_19_16    (Release)   2008-04-24T19:49:05-0500   Running
    AnalysisEngine   ME-2008_JUN_05_18_26   (Release)   2008-06-05T18:55:02-0500   Running
    CLI              M-2008_APR_24_19_16    (Release)   2008-04-24T19:49:05-0500
    Upgrade History:
    * IPS-K9-6.1-1-E2           22:40:50 UTC Tue Feb 26 2013
      IPS-sig-S364-req-E2.pkg   18:43:20 UTC Wed Nov 12 2008
    Recovery Partition Version 1.1 - 6.1(1)E2
    Host Certificate Valid from: 17-Nov-2008 to 18-Nov-2010
    What can i do in this case?
    IPS Info
    Getting details from the Service Module, please wait...
    ASA 5500 Series Security Services Module-10
    Model:              ASA-SSM-10
    Hardware version:   1.0
    Serial Number:      JAF1208BNPP
    Firmware version:   1.0(11)4
    Software version:   6.1(1)E2
    MAC Address Range:  001e.f710.5b6c to 001e.f710.5b6c
    App. name:          IPS
    App. Status:        Up
    App. Status Desc:
    App. version:       6.1(1)E2
    Data plane Status:  Up
    Status:             Up
    Mgmt IP addr:       X.X.X.X
    Mgmt web ports:     443
    Mgmt TLS enabled:  

    The process will normally use the following command:
    hw-module module 1 password-reset
    It will reload the ASA and when loggin back the "Cisco" username will have admin rights.
    If this is not your case, a re-image of the unit will be the next step, keep in mind that this will remove all the custom config.

  • ErrSystemError-ct-sensorApp.463 not responding on ASA-SSM-10

    Hello,
    I got following error message when login into IPS over IDM, after error is displayed IDM is closing.
    errSystemError-ct-sensorApp.463 not responding, please check system processes
    - The connect to the specified Io::ClientPipe failed.
    SSH login works, when using CLI following health statistics are available:
    sensor# show health
    Overall Health Status                                               Red
    Health Status for Failed Applications                         Red
    Health Status for Signature Updates                         Yellow
    Health Status for License Key Expiration                   Green
    Health Status for Running in Bypass Mode                Red
    Health Status for Interfaces Being Down                   Green
    Health Status for the Inspection Load                      Green
    Health Status for the Time Since Last Event Retrieval   Green
    Health Status for the Number of Missed Packets          Green
    Health Status for the Memory Usage                      Not Enabled
    Health Status for Global Correlation                    Green
    Health Status for Network Participation                 Not Enabled
    Security Status for Virtual Sensor sensor-int    Green
    Security Status for Virtual Sensor vs0           Green
    Do you have any idea why IPS crashed ?
    ASA-SSM-10 is installed into ASA 5510.

    Hello,
    I have the sem problem since sveral days, I found the following workaround on our environement. Working since 5hours.
    Hope it helps.
    Regards.
    IDSM-2 Sensor Module - errSystemError -ct-sensorApp.XXX not responding, please check system processes - The connect to the specified Io::ClientPipe failed.
    Symptom:
    When attempting to access an IDSM-2 sensor via its GUI (IDM) or via IME (IPS Manager Express), an error such as the following is encountered:
    "errSystemError -ct-sensorApp.XXX not responding, please check system processes - The connect to the specified Io::ClientPipe failed."
    Additionally, review of the 'show version' command output indicates the AnalysisEngine (sensorApp process) to be "Not Running".
    Conditions:
    IDSM-2 sensor module running 7.0(x) software release. Global Correlation Inspection feature enabled (On). A 'show tech' command output includes a sensorApp process core containing lines similar to the following:
    cat /usr/cids/idsRoot/core/sensorApp/core.txt
    /usr/cids/idsRoot/bin/sensorApp(_ZN3Cid3Rep9RepIpData13ApplyIpUpdateEPKcPNS0_8RepScoreE+)
    Solution:
    This problem is tracked as defect CSCti79423. It can be encountered on the IDSM-2 platform when a Global Correlation Update occurs. A fix for this is currently planned for inclusion in the next 7.0 release (7.0(6)).
    In the interim, the only workaround to ensure that the sensor does not re-encounter this defect is to disable Global Correlation Inspection (Updates) as such:
    sensor# conf t
    sensor(config)# service global-correlation
    sensor(config-glo)# global-correlation-inspection off
    sensor(config-glo)# exit
    Apply Changes?[yes]: yes
    After making the above configuration change, a reboot of the affected IDSM-2 sensor module should restore it to service:
    sensor# reset

  • Need assistance to configure ASA-SSM-10

    Hello All,
       Can someone assist me on setting up the IPS ASA-SSM-10 module in ASA 5520 firewall . I have just licensed the box. It would be great if someone can help me with relevant videos\docs to configure the SSM module to enable all the required IPS features for the box to run. I am running ASDM 6.4 and if anyone has the configs to enable via ASDM\CLI whichever is feasible is fine . Kindly assist .Below is the module details.
    ASA 5500 Series Security Services Module-10
    Model:              ASA-SSM-10
    Hardware version:   1.0
    Firmware version:   1.0(11)5
    Software version:   7.1(8)E4
    App. name:          IPS
    App. Status:        Up
    App. Status Desc:   Normal Operation
    App. version:       7.1(8)E4
    Data plane Status:  Up
    Status:             Up
    Regards,
    Karthik

    Do you need the syslogs to be sent or the Events.
    IPS sensors do not support syslog forwarding.  Syslog is fairly
    restrictive in size of messages and is not secure or reliable.
    sensor does support sending of events using SNMP
    (again with the same sets of restrictions:  not full data, clear text,
    not reliable).
    There is a physical ability to send events as traps.  It isn't
    recommended for many reasons (or lets say it isn't recommended in the
    same way that monitoring using SDEE is).  SNMP trap receivers generally
    aren't built to handle, say 200 events per second per device.  The
    sensor isn't capable of sending at the same event rate as it is with
    SDEE.  The traps are in clear text and are not reliably sent.  They
    don't contain the same amount of info as an SDEE event, and can't.
    If you need the events to  be sent to a database you can run cisco IME which can collect all the events generated by the IPS.
    Hope this helps.
    Sachin

  • Configure ASA-SSM-10 for Syslog

    How to configure syslog on the following IPS module ?
    I need to send logs from this sensor
    Platform: ASA-SSM-10
    Build Version: 7.0(4)E4
    Os Version: 2.4.30-IDS-smp-bigphys
    Can anybody advise me on this.
    Regards,
    Rohit

    Do you need the syslogs to be sent or the Events.
    IPS sensors do not support syslog forwarding.  Syslog is fairly
    restrictive in size of messages and is not secure or reliable.
    sensor does support sending of events using SNMP
    (again with the same sets of restrictions:  not full data, clear text,
    not reliable).
    There is a physical ability to send events as traps.  It isn't
    recommended for many reasons (or lets say it isn't recommended in the
    same way that monitoring using SDEE is).  SNMP trap receivers generally
    aren't built to handle, say 200 events per second per device.  The
    sensor isn't capable of sending at the same event rate as it is with
    SDEE.  The traps are in clear text and are not reliably sent.  They
    don't contain the same amount of info as an SDEE event, and can't.
    If you need the events to  be sent to a database you can run cisco IME which can collect all the events generated by the IPS.
    Hope this helps.
    Sachin

Maybe you are looking for

  • Why exchange email will not work on my ipod touch, but ok on iphone

    Why will microsoft exchange email not work on my ipod touch, but with the exact same settings, it works fine on my iphone? What is the reason for this?

  • Planned update has been changed from 2.3.4 to 2.3.5

     As the 2.3.4 beta ended over a month ago, they began the 2.3.5 Gingerbread beta tests, which was leaked earlier within a week this time unlike previous leaks. (keep in mind you receive no updates during the phases on leaks, take risks and void warre

  • Abort issue with installation CS6 (payloads)

    Dear all, Since I wanted to find out if CS6 products would pay out I wanted to install the trial version of the CS6 (MC) but got the below mentioned error messages during insallation process of PremierPro, Aftereffects, Indesign, Illustrator. I thoug

  • How is oracle 10g configured to use only one cpu

    Today a customer informed me that their instance of 10g was configured to run on only one of four cpu's in a Solaris server. How did they do this ? George

  • T42 system on T40p hardware

    I have a T40p, and my daughter has a T42.  The T42 system software has advantages including: 1 The rescue and recovery partion (type 0X12) is visible to backup and partitioning programs, so it can be backed up, and reinstalled, for example, on a new