Re: have come full circle---k9-4235 server(https) certificate ex

garyprice · ‎06-29-2005

Ok i have been running k94235's and idsm2's for a couple years and when I was munking around with a sig on one of the k9-4235 i discovered that the server certificate expired this past sat...When I tried to create a new sensor in IEV it gave the error "connection handshake failure"....

where/how do I get/make a new server certificate for https sessions on k9-4235, is the latest and greatest

sysinfo

Cisco Systems Intrusion Detection Sensor, Version 4.1(4)S178

MainApp 2004_Dec_17_16.03 (Eng4f) 2004-12-17T15:41:15-0600Running

AnalysisEngine 2004_Dec_17_16.03 (Eng4f) 2004-12-17T15:41:15-0600Running

Authentication 2004_Dec_17_16.03 (Eng4f) 2004-12-17T15:41:15-0600Running

Logger 2004_Dec_17_16.03 (Eng4f) 2004-12-17T15:41:15-0600Running

NetworkAccess 2004_Dec_17_16.03 (Eng4f) 2004-12-17T15:41:15-0600Running

TransactionSource 2004_Dec_17_16.03 (Eng4f) 2004-12-17T15:41:15-0600Running

WebServer 2004_Dec_17_16.03 (Eng4f) 2004-12-17T15:41:15-0600Running

jamesand · ‎06-30-2005

You can try removing the expired certificate from the sensor by logging into the sensor's CLI and entering the following commands:

sensor# configure terminal

sensor(config)# no tls trusted-host ip-address 10.1.2.3

Next, tell the sensor to trust 10.1.2.3:

sensor(config)# tls trusted-host ip-address 10.1.2.3

have come full circle---k9-4235 server(https) certificate expired