TLS trusted-host

Certificate on IDSM Console expired. Created a new certificate, then deleted and re-added the IDS Sensor using discovery. Logged in to the IDS sensor and verified the clock matched the IDSM Console, then removed the trusted-host and re-added it to generate a new certificate. Cert on sensor doesn't match IDSM Console cert. Still getting TLS trusted host errors when trying to do signature updates. Am I missing a step? Any suggestions? Thanks,

If it is the IDSM-2 certificate that expired, then the steps are correct.
My assumption, however, is that the error you are receiving is not because the IDSM-2 certificate has expired, but instead it is the VMS certificate that has expired.
You would need to create a new certificate for the VMS itself. Then go to the sensor and remove the sensor's knowledge of the VMS old certificate and tell it to grab the new VMS certificate.
Here is how you tell the sensor to grab VMS's new certificate:
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/csids11/cliguide/clitasks.htm#wp1036631
I am not sure what the steps are to create a new certificate on the VMS itself.

Similar Messages

  • IDSMC 2.0 TLS trusted host

    I just upgraded to IDSMC 2.0 today. When I try to do signature updates to a 4.1 sensor, the job fails with the error below. I already added the VMS server as a trusted TLS host on the sensor. Rebooted.
    Any ideas? Do I need to add the sensor's cert to the VMS server somehow?
    Status Messages
    Sensor bbimainsae01: Signature Update Process
    TLS Trusted Host Certificate difference found, updating sensor certificate for the MC.
    The trusted certificates on the sensor 172.16.1.153 have been updated.
    An error occurred while running the update script on the sensor named bbimainsae01. Detail = An error occurred at the sensor during the update, sensor message = The host is not trusted. Add the host to the system's trusted TLS certificates.

    We've seen a few of these cases, but have not been able to gather enough information to understand where the breakage is occurring.
    The first thing to do is to log into the IDS unit as an administrative user (i.e., "cisco"). Make sure the time on the sensor is accurate. Then take a look at the list of trusted certificates. Next, remove the certificate for the VMS server and re-trust it manually. Finally, attempt the upgrade command manually from the IDS CLI.
    Here are the commands to enter into the IDS CLI to perform these actions. The example uses "10.1.2.3" for the IP address of the VMS host, and "IDS-sig-4.1-4-S128.rpm.pkg" as the name of the package you want to apply to the sensor:
    sensor# show clock
    *03:27:22 UTC Wed Dec 01 2004
    sensor# configure terminal
    sensor(config)# service trustedCertificates
    sensor(config-TrustedCertificates)# show settings
    trustedCertificates (min: 0, max: 500, current: 0)
    sensor(config-TrustedCertificates)# exit
    sensor(config)# tls trusted-host ip-address 10.1.2.3 port 443
    Certificate MD5 fingerprint is 0A:CB:6F:B5:F8:F8:85:05:5B:5D:7D:0B:73:E1:14:A6
    Certificate SHA1 fingerprint is CF:9D:85:60:CA:31:99:26:64:26:39:23:AE:66:E8:3C:BC:68:12:02
    Would you like to add this to the trusted certificate table for this host?[yes]:
    Certificate ID: 10.1.2.3 succesfully added to the TLS trusted host table.
    sensor(config)# upgrade https://10.1.2.3/ids-config/vms/sensorupdate/IDS-sig-4.1-4-S128.rpm.pkg
    Warning: Executing this command will apply a signature update to the application partition.
    Continue with upgrade? : yes
    If the tls trusted-host command does not succeed, we will need to obtain a packet capture to diagnose why. I've provided instructions for doing this elsewhere in this forum. (Search for recent articles by me.)
    If you can get the tls trusted-host command to succeed, but the upgrade command fails, then we need to see what might be wrong with the certificate on the VMS server.
    If both commands succeed manually, you can re-import the sensor in VMS so it will detect it is running the new version. We will then need to wait until the next signature update to see what happens when you use VMS to upgrade the sensor.
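    An out-of-band check for the fingerprint prompt in the CLI session above, added here as an example and not part of the original thread or of any Cisco tool: it fetches the certificate a host presents on TCP 443, prints its MD5 and SHA1 fingerprints in the same colon-separated form the sensor shows, and compares them with what the sensor displayed so you can answer the "add to the trusted certificate table" prompt with confidence. The address 10.1.2.3 and the two fingerprints are the page's example values; the function names are my own.

```python
import hashlib
import re
import ssl

# Fingerprints exactly as the sensor printed them in the session above
# (page values; 10.1.2.3 is the example VMS address from the post).
SENSOR_SHOWN_MD5 = "0A:CB:6F:B5:F8:F8:85:05:5B:5D:7D:0B:73:E1:14:A6"
SENSOR_SHOWN_SHA1 = "CF:9D:85:60:CA:31:99:26:64:26:39:23:AE:66:E8:3C:BC:68:12:02"


def cisco_fingerprints(der_cert: bytes) -> dict:
    """Return MD5 and SHA1 fingerprints of a DER-encoded certificate in the
    colon-separated, upper-case form the sensor CLI prints."""
    def fmt(digest: bytes) -> str:
        return ":".join(f"{b:02X}" for b in digest)
    return {
        "md5": fmt(hashlib.md5(der_cert).digest()),
        "sha1": fmt(hashlib.sha1(der_cert).digest()),
    }


def normalize(fp: str) -> str:
    """Drop colons, spaces and case so fingerprints copied from different
    tools (sensor CLI, browser, openssl) compare equal."""
    return re.sub(r"[^0-9a-fA-F]", "", fp).upper()


def fingerprint_matches(shown: str, computed: str) -> bool:
    """True only if the fingerprint the sensor displayed is the one the real
    VMS certificate has. A mismatch means the port 443 session was answered
    by something else (a proxy or firewall, as one reply on this page saw),
    or the VMS certificate was regenerated and the sensor's copy is stale."""
    return normalize(shown) == normalize(computed)


def fetch_der_cert(host: str, port: int = 443) -> bytes:
    """Fetch the certificate host:port presents. Verification is deliberately
    off: the point is to inspect a not-yet-trusted certificate, which is the
    decision the 'tls trusted-host' prompt asks the operator to make."""
    pem = ssl.get_server_certificate((host, port))
    return ssl.PEM_cert_to_DER_cert(pem)


def check_host(host: str, shown_sha1: str, port: int = 443) -> bool:
    """Compare the live SHA1 fingerprint of host:port with the one the
    sensor showed; answer 'yes' at the sensor prompt only if this is True."""
    fps = cisco_fingerprints(fetch_der_cert(host, port))
    ok = fingerprint_matches(shown_sha1, fps["sha1"])
    print(f"{host}:{port} SHA1 {fps['sha1']} -> {'MATCH' if ok else 'MISMATCH'}")
    return ok


if __name__ == "__main__":
    # Run this from a workstation against your own VMS/IDSMC host.
    check_host("10.1.2.3", SENSOR_SHOWN_SHA1)
```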

  • Trusted Host Check Failed for RFC SAPLSOVLROOM

    Hi,
    We are using SAP Enterprise Learning 7.5.
    In RFC SAPLSOVLROOM, I got the below error in the response body.
    Trusted host check : failed
    The host that you are calling from is not configured as trusted. See
    the configuration guide for information about how configure a host as
    trusted.
    Added hostname in the trusted hosts of the sap_servlet_config.xml.
    Also followed Note 1471989 - SAP Enterprise Learning 7.5 - Trusted host check:failed
    Still the trusted host check alone is failing. The other checks for the RFC are successful.
    Regards,
    Raja. G

    Raja, did you figure out what was going on here? We have a similar situation. Hosts are listed in the trusted hosts section, but we get an error when doing a connection check in sm59 if we use an https connection, but not if we use an http connection. There are no ssl errors anywhere, but it fails the same as yours.
    If you have any update. Please reply.

  • Trusted hosts

    In trusted hosts, when I am doing rlogin to another host it gives the error "connection time out". What could be the problem? Give solution.

    Users attempting to use rlogin must be validated. Validation can be performed by the remote computer (the one you are logging into) or by the network environment. If the remote computer is to validate you, one of three conditions must exist.
    1. First, the user account you are using must be located on the remote machine, and you must provide a correct password when prompted.
    2. Second, the remote machine must have an /etc/hosts.equiv file set up.
    3. Third, the remote machine must have an .rhosts file configured.

  • Ips 4510 error adding trusted host.

    Hello.
    I'm trying to get event logs from my ips 4510 into splunk.
    When I add the host on which splunk is running as a "trusted host" I get the error:
    Cannot add #.#.#.# as a trusted host.  errTransport-socket connect failed [4,111]
    There are no firewalls enabled on the splunk host.
    On the splunk side, I've installed Cisco Security Suite and Cisco IPS applications.
    The splunk logs show it's able to connect to the host, but then throws the following error:
    URLError: <urlopen error Tunnel connection failed: 503 Service Unavailable>.
    Not sure at this point if I need to configure something else before being able to add the splunk host as a trusted host?
    Any info appreciated.
    Thanks.

    Hi Jamoser,
    Could you try to ping the IPS from client? If it works, can you check there is no device in traffic path blocking TCP 443 to IPS? Can you do a capture on IPS to see if request on TCP 443 is indeed reaching the IPS?
    Sourav

  • My Site Trusted Host Location (still 2010)

    Can a My Site site collection still be the 2010 flavor using a SharePoint 2013 My Site Host?
    A group of My Sites does not want to be upgraded, and will remain SharePoint 2010. Is it supported to set up a Trusted Host Location which points to the SharePoint 2010 Farm?
    Is it supported for a SharePoint 2013 User Profile Service Application to use a SharePoint 2010 My Host Site Template? I would think many things would break?
    So the compromise would be to keep some My Site Site Collections in a SharePoint 2010 Farm as a Trusted Location.
    Any thoughts...
    Thanks in advance.

    A SharePoint 2010 Farm can consume services from a SharePoint 2013 farm, but not the other way around. Normally any service farm is upgraded first. So no, to the best of my knowledge you can not use a SharePoint 2010 My Site Host as a Trusted Host location in the 2013 farm.
    Paul Stork SharePoint Server MVP
    Principal Architect: Blue Chip Consulting Group
    Blog: http://dontpapanic.com/blog
    Twitter: Follow @pstork
    Please remember to mark your question as "answered" if this solves your problem.

  • Revoking trusted host

    When experimenting with different Exchange and HTTP server settings (for calendar subscription) I had to accept a certificate I don't want to trust forever.
    Although I deleted the account under Mail, Contacts & Calendar settings, the iPhone still seems to trust the certificate: When I re-enter the account information, I am not asked if I want to trust, the connection is simply established.
    Which options do I have to delete that host from the list of trusted hosts? Will resetting the network settings suffice? Or resetting all settings? Or do I have to backup / restore the iPhone completely?
    Thanks for input on this!

    I've also ended up with this problem - there is a firewall in one location where I connect my iPhone over wifi which, before I had done the http based login, must have responded to the exchange connection's SSL request instead of the gmail exchange server.
    I don't really want to trust this server, and I've been searching for a way to revoke trusted hosts with no luck so far.
    As a side note, this has caused my iPhone to think the firewall is a valid gmail exchange server, and after re-requesting the password a few times it will give up until the phone is restarted if I leave the wifi on and have to reject the prompt (in order to http login).
    Would be great to hear if anybody knows how to achieve the revocation.
    Thanks, Alex J Burke.

  • Trusted host on SPA2102

    Product Name: SPA-2102
    Software Version: 5.2.5
    Can I write trusted host (remote admin server) on SPA2102?

    If you are just talking stand alone with the SPA2102, I think the only option is really via remote management. Unfortunately, this is not a trusted connection as you wanted it to be. As long as the other party knows the WAN IP address being received by the SPA-2102 and the port being used, the PC can access the unit unless you set up both the user and admin view for a password.
    I suggest contacting Cisco Tech support to further look into your concern. I believe this unit belongs to the business series devices that Cisco is now supporting. Try to go to this link for the other business series devices and the site where you can get hold of Cisco for support:
    http://www.cisco.com/web/products/linksys/index.html

  • Setting up a trusted host for email

    Our email is being filtered by MailWise before hitting our GroupWise system. However, the unscrupulous out there are bypassing the filtering by using the IP address. I need to configure my BorderManager firewall to set up the MailWise IP network range as a "trusted host." How do I do that? (Am I asking the question correctly?) I can't find anything in the Novell Support knowledgebase or in any of my Novell Press BorderManager handbooks, guides and course manual!

    Well, you're reading the wrong manuals. Craig Johnson's books are the de facto standards in Border docs. :-)
    This is the wrong group for your question, however. Go ask in the bordermanager.access-rules group for an answer from someone who knows what they're talking about. :-)
    Cheers!
    Richard Beels
    http://www.dsi-consulting.com
    Collaboration without complication

  • Number of Trusted Hosts Limit on Cisco IDM

    Hello,
    I got a common feature question.
    Do you know what is the number of trusted hosts I can include under Cisco IDM monitoring? Is there any limit?
    My versions of IPS are:
    7.1(4)E4 @ Cisco 4345 and 4360
    7.0(8)E4 @ Cisco 4240
    Thank you.
    Kamil

    From CCO, I found two different, conflicting pieces of information for the same release 3.7.2. Confusing..
    http://www.cisco.com/en/US/docs/routers/asr9000/software/asr9k_r4.2/qos/command/reference/b_qos_cr42asr9k_chapter_011.html#wp966352593
    "The maximum number of policy maps supported is 2000."
    http://www.cisco.com/en/US/docs/routers/asr9000/software/asr9k_r4.0/qos/command/reference/qr40asr9k_chapter1.html#wp915159151
    "The maximum number of policy maps supported is 1000."
    Thanks for your reply!

  • Customization Wizard 9 and Reader 9.2: not saving trusted hosts

    I'm using "Adobe Customization Wizard 9" and "Adobe Reader 9.2". As part of the Enhanced Security Settings, I want to define two trusted hosts, i.e.: http://www.whatever.com . The problem is that the Wizard is not saving the trusted hosts that I enter. I generate the MST file and perform a test installation with the .msi calling the .mst file. All the other customizations I have made using the Customization Wizard 9 tool are there EXCEPT the settings I designated for the trusted hosts. The entries are blank.
    Is this a known bug with the Customization Wizard 9 or am I doing something wrong?
    TIA !

    I came across your post because I am looking for an answer to the same corruption. Installation completes, but installed configuration does not match my settings. I have similar but separate packages hosted on 2 different servers from which I pushed installation to 2 different LANs. All evidence so far is that all installations are corrupt, all of which defeats the purpose of using the Adobe Customization Wizard.
    I suspect I will have to revisit all systems.
    I have no answers to offer, but will monitor this site in case you do get good advice to fix.

  • Adobe reader - trusted host

    I'm trying to automatically print a pdf from a website using javascript embedded in the pdf.  This works fine but I get a message saying "This document is trying to print.  Do you want to allow this?" from adobe reader.  To get rid of the message, I'm trying to add a host to preferences > Security (Enhanced) > Add Host.  I've tried many combinations of my host name with and without wildcards.  But I still get the message.  My pdf is just written to the browser using Response.BinaryWrite.  I'm not sure what's wrong at this point?  Can anyone help?  Thank you.

    http://www.adobe.com/devnet-docs/acrobatetk/tools/AppSec/trust.html
    https://blogs.adobe.com/pdfitmatters/2008/06/enhanced_security_privileged_l.html
    It actually specifically mentions silent printing in the host section...
    Host — A privileged PDF site is appropriate for PDFs that can be opened in a browser from a Web server. A privileged PDF host can only be specified at the host name level; for example, www.adobe.com can be specified, but not www.adobe.com/products/. The specified host must be complete with no wild cards (unlike for crossdomain.xml files). The user will have the option to only specify that the host connection must be secure, for example, that it must be an https: connection. All PDFs on the specified host will have the same privileged PDF settings.
    Using privileged locations, the user can bypass the security restrictions on the following, which would otherwise be in effect:
    • Cross-domain data access
    • Silent printing
    • External streams access
    • Document JavaScript sending data to a remote server
    • FDF data injection
    • FDF script injection
    • Data taint: when data is downloaded from multiple hosts and then sent to another host

  • Cisco vms 2.3 can't query to IDSM-2

    Hi all,
    I use Catalyst 6513 (Router IOS) + IDSM-2 and use Cisco VMS 2.3 to manage the IDSM-2. I upgraded the IDSM-2 from version 4 to version 5. However, after the update completed, when I use Cisco VMS 2.3 to query the IDSM-2, I see an error:
    "status: Error importing configuration files from the sensor - Unable to get sensor version from the sensor. Possible reason: X.509 certificate is invalid or sensor version was downgraded. "

    Hi,
    Normally doing the following fixes the problem.
    You need to regenerate the IDSMC Certificate and add the VMS as the trusted host to the sensor.
    To generate the certificate do the following.
    c:\progra~1\cscopx\mdc\apache\gencert.bat
    where c: drive is the drive you installed your VMS.
    After this is done, please restart the CiscoWorks Daemon Manager.
    You will also need to generate tls key as well as manually re-install the TLS certificate on your sensor.
    tls trusted-host from the IPS CLI and specify your VMS's IP address.
    tls generate-key
    no tls trusted-host ip-address (vms server ip)
    tls trusted-host ip-address (vms server ip)
    Thanks.
    Edward

  • IDSM 5.1(1) S222 certificate unknown errors

    Hi,
    I reimaged my IDSM2 sensor in the following sequence:
    1. Installed WS-SVC-IDSM2-K9-sys-1.1-a-5.1-1.bin.gz
    2. Installed IPS-sig-S222-minreq-5.0-5.pkg
    I am able to launch IDM and work with it. But, I get the following errors when I type "show events" on IDSM-2 CLI.
    evError: eventId=1143377080627763538 severity=warning vendor=Cisco
    originator:
    hostId: RCIPS
    appName: cidwebserver
    appInstanceId: 2731
    time: 2006/03/26 11:45:53 2006/03/26 14:45:53 UTC
    errorMessage: name=errWarning received fatal alert: certificate_unknown
    evError: eventId=1143377080627763539 severity=error vendor=Cisco
    originator:
    hostId: RCIPS
    appName: cidwebserver
    appInstanceId: 2497
    time: 2006/03/26 11:45:53 2006/03/26 14:45:53 UTC
    errorMessage: name=errTransport WebSession::sessionTask(10) TLS connection exception: handshake incomplete.
    I do not see the alerts that I am supposed to see.
    Please help. Thanks.

    "I do not see the alerts that I am supposed to see."
    What type of alerts are you looking for? System events or signature alerts? You don't see alerts from IDM or from the CLI?
    The two events you have in your post look certificate related. When you reimaged the IDSM a new TLS certificate was generated, so you'll have to update your TLS trusted-host. Just to start fresh I'd try doing the following; this process has resolved my TLS issues in the past.
    sensor# tls generate-key
    sensor# sh tls trusted-host (to see if any IP's are currently in the table)
    sensor# conf t
    If there are any trusted-host IP's in the table, then remove them.
    (config)#no tls trusted-host ip-address x.x.x.x
    Next, add IP's back into the trusted-host table.
    (I have also been able to leave the trusted-host table empty and had cisco works IP's add themselves to the trusted host table automagically, but then other times I've had to manually add them.)
    (config)# tls trusted-host ip-address (host IP that you will use to connect to the sensor webserver.)
    This will ask if you want to add the host to the trusted host table, you will answer yes.
    After that try IDM again. Then from the CLI you can verify that you aren't seeing the TLS events anymore with the "show events" command. And then you can also verify that you're getting alerts with the show events alert past hh:mm:ss command. Or alternatively just confirm the IDSM is seeing traffic by logging in as tac, su to root, and then do a tcpdump on the sensing interface.
    Maybe a little more information than you needed on verifying the traffic, but hopefully something in the above will help you.

  • Have come full circle---k9-4235 server(https) certificate expired

    OK, I have been running k94235's and idsm2's for a couple of years and when I was mucking around with a sig on one of the k9-4235s I discovered that the server certificate expired this past Sat... When I tried to create a new sensor in IEV it gave the error "connection handshake failure"....
    where/how do I get/make a new server certificate for https sessions on k9-4235, is the latest and greatest
    sysinfo
    Cisco Systems Intrusion Detection Sensor, Version 4.1(4)S178
    MainApp 2004_Dec_17_16.03 (Eng4f) 2004-12-17T15:41:15-0600 Running
    AnalysisEngine 2004_Dec_17_16.03 (Eng4f) 2004-12-17T15:41:15-0600 Running
    Authentication 2004_Dec_17_16.03 (Eng4f) 2004-12-17T15:41:15-0600 Running
    Logger 2004_Dec_17_16.03 (Eng4f) 2004-12-17T15:41:15-0600 Running
    NetworkAccess 2004_Dec_17_16.03 (Eng4f) 2004-12-17T15:41:15-0600 Running
    TransactionSource 2004_Dec_17_16.03 (Eng4f) 2004-12-17T15:41:15-0600 Running
    WebServer 2004_Dec_17_16.03 (Eng4f) 2004-12-17T15:41:15-0600 Running

    You can try removing the expired certificate from the sensor by logging into the sensor's CLI and entering the following commands:
    sensor# configure terminal
    sensor(config)# no tls trusted-host ip-address 10.1.2.3
    Next, tell the sensor to trust 10.1.2.3:
    sensor(config)# tls trusted-host ip-address 10.1.2.3
