https://community.cisco.com/t5/network-security/csm-4-4-device-credentials/m-p/2197225#M920833 <HTML><HEAD></HEAD><BODY><P>Found a workaround + cisco fix is there. </P><P></P><P>I had IPS software updated to 7.2.1. It is not supported by CSM 4.4 (SP1 should be installed) As a workaround I've:</P><P></P><P>- deleted the device</P><P>- added it back . During addition you have "test connectivity". It fails, but it shows you the device certificate. Copy fingerprint from the output.</P><P>- go to newly added device, then credentials, insert fingerprint, save.</P><P></P><P>Working fine but still CSM update is scheduled.</P><P></P><P>regards,</P><P></P><P>Volodymyr Morskyy</P></BODY></HTML> Wed, 05 Jun 2013 08:59:21 GMT Volodymyr Morskyy 2013-06-05T08:59:21Z https://community.cisco.com/t5/network-security/csm-4-4-device-credentials/m-p/2197223#M920831 <P>I have just upgraded to CSM 4.4 (from 4.3 sp 1) almost everything works as expected.</P><P></P><P>However - one of my firewalls has had its ssl certificate expire.</P><P>So I go to device properties -&gt; device credentials </P><P>Go down to the Authentication Certificate Thumbprint and click retrieve from device.</P><P>As expected I get a window with the Certificate details (and the expiry date is now 2023 so it is valid)</P><P>Click on accept</P><P></P><P>And then go to click on save - at this point I get a window with no description text, but a title which states "Error Validating Data" and a Yes or No Option.</P><P></P><P>Clicking either yes or no has the same result - it doesn't accept the cert and I can't then use test connectivty to get my firewall back to being managed.</P><P></P><P>Very confused here.... any suggestions</P><P></P><P>Thanks in advance</P><P></P><P>Giles Cooper</P> Fri, 21 Feb 2020 12:52:32 GMT https://community.cisco.com/t5/network-security/csm-4-4-device-credentials/m-p/2197223#M920831 bgl-group 2020-02-21T12:52:32Z https://community.cisco.com/t5/network-security/csm-4-4-device-credentials/m-p/2197224#M920832 <HTML><HEAD></HEAD><BODY><P> Hi,</P><P></P><P>Hitting the same issue. Did you found solution for this as I am about to go to cisco. </P><P></P><P>Thank you.</P></BODY></HTML> Wed, 05 Jun 2013 06:14:17 GMT https://community.cisco.com/t5/network-security/csm-4-4-device-credentials/m-p/2197224#M920832 Volodymyr Morskyy 2013-06-05T06:14:17Z https://community.cisco.com/t5/network-security/csm-4-4-device-credentials/m-p/2197225#M920833 <HTML><HEAD></HEAD><BODY><P>Found a workaround + cisco fix is there. </P><P></P><P>I had IPS software updated to 7.2.1. It is not supported by CSM 4.4 (SP1 should be installed) As a workaround I've:</P><P></P><P>- deleted the device</P><P>- added it back . During addition you have "test connectivity". It fails, but it shows you the device certificate. Copy fingerprint from the output.</P><P>- go to newly added device, then credentials, insert fingerprint, save.</P><P></P><P>Working fine but still CSM update is scheduled.</P><P></P><P>regards,</P><P></P><P>Volodymyr Morskyy</P></BODY></HTML> Wed, 05 Jun 2013 08:59:21 GMT https://community.cisco.com/t5/network-security/csm-4-4-device-credentials/m-p/2197225#M920833 Volodymyr Morskyy 2013-06-05T08:59:21Z https://community.cisco.com/t5/network-security/csm-4-4-device-credentials/m-p/2197226#M920834 <HTML><HEAD></HEAD><BODY><P> Sorry I found a workaround but forgot about this question.</P><P></P><P>Right click on the device and select Device Properties</P><P>Go to credentials</P><P></P><P>And click retrieve from device.</P><P></P><P>Copy the thumbprint to the clipboard.</P><P></P><P>Cancel the device properites screen</P><P></P><P>Go to Security manager administation</P><P>Select Device communication</P><P></P><P>Click Add Certificate</P><P>Paste in the thumbprint and supply the IP address of the device.</P><P></P><P>Click Save</P><P></P><P>And it should work properly.</P></BODY></HTML> Wed, 05 Jun 2013 10:55:09 GMT https://community.cisco.com/t5/network-security/csm-4-4-device-credentials/m-p/2197226#M920834 bgl-group 2013-06-05T10:55:09Z https://community.cisco.com/t5/network-security/csm-4-4-device-credentials/m-p/2197227#M920835 <HTML><HEAD></HEAD><BODY><P>Hi Giles,</P><P></P><P>Yes, the same thing I've done but from different menus))</P><P></P><P>Thank you anyway</P></BODY></HTML> Wed, 05 Jun 2013 12:55:10 GMT https://community.cisco.com/t5/network-security/csm-4-4-device-credentials/m-p/2197227#M920835 Volodymyr Morskyy 2013-06-05T12:55:10Z https://community.cisco.com/t5/network-security/csm-4-4-device-credentials/m-p/2197228#M920836 <HTML><HEAD></HEAD><BODY><P style="margin: 0pt; padding: 0pt; color: #333333; font-family: arial,helvetica,sans-serif; font-size: 13px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; text-align: left; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;">This is definitely a bug in CSM 4.x and still exists in the latest version 4.4 SP2.&nbsp; </P><P></P><P style="margin: 0pt; padding: 0pt; color: #333333; font-family: arial,helvetica,sans-serif; font-size: 13px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; text-align: left; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;"><A href="https://tools.cisco.com/bugsearch/bug/CSCue25304">https://tools.cisco.com/bugsearch/bug/CSCue25304</A></P><P style="margin: 0pt; padding: 0pt; color: #333333; font-family: arial,helvetica,sans-serif; font-size: 13px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; text-align: left; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;"><A href="https://tools.cisco.com/bugsearch/bug/CSCuf94050">https://tools.cisco.com/bugsearch/bug/CSCuf94050</A></P><P style="margin: 0pt; padding: 0pt; color: #333333; font-family: arial,helvetica,sans-serif; font-size: 13px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; text-align: left; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;"><SURE there="" are="" more=""></SURE></P><P></P><P style="margin: 0pt; padding: 0pt; color: #333333; font-family: arial,helvetica,sans-serif; font-size: 13px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; text-align: left; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;">I ran the script suggested in the workaround (script.pl) and it did provide a resolution on this issue in our installation.&nbsp; Here is the information taken directly from the bug links above.</P><P></P><P>A script is included with CSM 4.4 SP1 to automate these changes for all affected devices:</P><P>1.) Ensure that there are no pending changes present in CSM that have not been committed to the database. This can be done via the Configuration Manager (client app)'s File menu &gt; Submit . Then, exit/close any/all open instances of CSM client app's.</P><P>2.) On the CSM server itself, right-click on the Command Prompt start menu item and choose the "Run as administrator" option to open a privileged command prompt window, then:</P><P>cd \"Program Files (x86)"\CSCOpx\bin</P><P>perl.exe script.pl</P><P>3.) Once the script completes, restart the 'Cisco Security Manager Daemon Manager' (CRMDmgtd) MS Windows service and allow it a few minutes for it to restart all dependent services</P><P></P><P></P><P style="margin: 0pt; padding: 0pt; color: #333333; font-family: arial,helvetica,sans-serif; font-size: 13px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; text-align: left; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;">In case anyone has an issue after the script, then I have another workaround on this issue.</P><P></P><P style="margin: 0pt; padding: 0pt; color: #333333; font-family: arial,helvetica,sans-serif; font-size: 13px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; text-align: left; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;">What we have done to update the certificates is to select the device under "Devices" and then run the "IPS Certificates Utility"&nbsp; (Manage-&gt;IPS-&gt;IPS Certificates).&nbsp; Select the device and choose "Regenerate Certificate" and it will update the certificate push the date out. The "Sync Certificate" works as well, but it is just a matter of preference on how you want to accomplish the update.</P><P></P><P style="margin: 0pt; padding: 0pt; color: #333333; font-family: arial,helvetica,sans-serif; font-size: 13px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; text-align: left; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;">Thanks for the workaround suggestions provided and I hope this information is useful to someone.</P><P></P><P><BR class="Apple-interchange-newline" /></P></BODY></HTML> Tue, 19 Nov 2013 06:19:38 GMT https://community.cisco.com/t5/network-security/csm-4-4-device-credentials/m-p/2197228#M920836 kevinknaul 2013-11-19T06:19:38Z https://community.cisco.com/t5/network-security/csm-4-4-device-credentials/m-p/2197229#M920837 <HTML><HEAD></HEAD><BODY><P>I had this problems too. </P><P>We are checked Firewall events and it was blocked ssl(tcp/443) port between CSM and Firewalls. We opened these ports and it was solved.</P></BODY></HTML> Thu, 06 Mar 2014 02:22:08 GMT https://community.cisco.com/t5/network-security/csm-4-4-device-credentials/m-p/2197229#M920837 Enkhbayar Bold 2014-03-06T02:22:08Z