11-23-2014 07:30 AM - edited 02-21-2020 05:20 AM
Since last few days, all of a sudden without us making any configuration changes on the ASA or IPS, our ips is not able to download the latest signature update. It gives an error; "autoUpdate successfully selected a package (https://ih@72.163.7.60//swc/esd/11/273556262/guest/IPS-sig-S836-req-E4.pkg) from the cisco.com locator service, however, package download failed: The host is not trusted. Add the host to the system's trusted TLS certificates. name=errSystemError "
We are using Cisco ASA 5520 with IPS module. (Product ID ASA-SSM-20)
Solved! Go to Solution.
02-22-2018 12:05 AM
Hi
The certificate might expired:
"
secure from man-in-the-middle attacks you must establish trust of the TLS certificates of the remote web servers. A copy of the TLS certificate of each trusted remote host is stored in the trusted hosts list.
Use the tls trusted-host ip-address ip-address [ port port ] command to add a trusted host to the trusted hosts list. This command retrieves the TLS certificate from the specified host/port and displays its fingerprint. You can accept or reject the fingerprint based on information retrieved directly from the host you are requesting to add. The default port is 443.
Each certificate is stored with an identifier field ( id ). For the IP address and default port, the identifier field is ipaddress . For the IP address and specified port, the identifier field is ipaddress:port ."
-If I helped you somehow, please, rate it as useful.-
02-22-2018 12:05 AM
Hi
The certificate might expired:
"
secure from man-in-the-middle attacks you must establish trust of the TLS certificates of the remote web servers. A copy of the TLS certificate of each trusted remote host is stored in the trusted hosts list.
Use the tls trusted-host ip-address ip-address [ port port ] command to add a trusted host to the trusted hosts list. This command retrieves the TLS certificate from the specified host/port and displays its fingerprint. You can accept or reject the fingerprint based on information retrieved directly from the host you are requesting to add. The default port is 443.
Each certificate is stored with an identifier field ( id ). For the IP address and default port, the identifier field is ipaddress . For the IP address and specified port, the identifier field is ipaddress:port ."
-If I helped you somehow, please, rate it as useful.-
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide