Not able to download signature updates

For the last few days, all of a sudden, without us making any configuration changes on the ASA or IPS, our IPS has not been able to download the latest signature update. It gives an error: "autoUpdate successfully selected a package (https://ih@72.163.7.60//swc/esd/11/273556262/guest/IPS-sig-S836-req-E4.pkg) from the cisco.com locator service, however, package download failed: The host is not trusted. Add the host to the system's trusted TLS certificates.  name=errSystemError "

 

We are using Cisco ASA 5520 with IPS module. (Product ID ASA-SSM-20)

1 ACCEPTED SOLUTION

Accepted Solutions
VIP Advisor

Re: Not able to download signature updates

Hi

The certificate might have expired:

"

secure from man-in-the-middle attacks you must establish trust of the TLS certificates of the remote web servers. A copy of the TLS certificate of each trusted remote host is stored in the trusted hosts list.

Use the tls trusted-host ip-address ip-address [ port port ] command to add a trusted host to the trusted hosts list. This command retrieves the TLS certificate from the specified host/port and displays its fingerprint. You can accept or reject the fingerprint based on information retrieved directly from the host you are requesting to add. The default port is 443.

Each certificate is stored with an identifier field ( id ). For the IP address and default port, the identifier field is ipaddress . For the IP address and specified port, the identifier field is ipaddress:port ."

 

https://www.cisco.com/c/en/us/td/docs/security/ips/7-3/configuration/guide/cli/cliguide73/cli_setup.html#19523

 

-If I helped you somehow, please, rate it as useful.-
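
The quoted guide leaves it to the operator to accept or reject the fingerprint the sensor displays. The following is an added example, not part of the original post or of Cisco's documentation, of checking that fingerprint against a certificate obtained from a separate, trusted machine. The function names, the sample bytes, and the assumption that the sensor prints the fingerprint as hexadecimal are assumptions of this example.

```python
import hashlib
import hmac
import ssl

# Digest length in bytes -> hash name, used to infer which hash a displayed
# fingerprint was computed with.
ALGO_BY_LENGTH = {16: "md5", 20: "sha1", 32: "sha256"}


def parse_fingerprint(text):
    """Turn 'AB:CD:..', 'ab cd ..' or 'abcd..' into raw digest bytes."""
    cleaned = "".join(ch for ch in text if ch not in ":- \t")
    try:
        raw = bytes.fromhex(cleaned)
    except ValueError:
        raise ValueError("fingerprint is not hexadecimal: %r" % text) from None
    if len(raw) not in ALGO_BY_LENGTH:
        raise ValueError("unexpected fingerprint length: %d bytes" % len(raw))
    return raw


def fingerprint(der_cert, algo):
    """Colon-separated upper-case hex digest of a DER-encoded certificate."""
    digest = hashlib.new(algo, der_cert).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def matches(der_cert, displayed):
    """True if `displayed` is a fingerprint of `der_cert` (hash inferred by length)."""
    want = parse_fingerprint(displayed)
    got = hashlib.new(ALGO_BY_LENGTH[len(want)], der_cert).digest()
    return hmac.compare_digest(want, got)


def fetch_der(host, port=443):
    """Fetch a server's certificate without validating it (needs network access)."""
    pem = ssl.get_server_certificate((host, port))
    return ssl.PEM_cert_to_DER_cert(pem)


# Constructed stand-in bytes, not a real certificate: a fingerprint is a hash
# over the DER encoding, so any byte string exercises the comparison.
SAMPLE_DER = b"constructed-sample-certificate-bytes"

if __name__ == "__main__":
    shown = fingerprint(SAMPLE_DER, "sha1")  # stands in for the sensor's display
    print(shown, matches(SAMPLE_DER, shown.lower().replace(":", " ")))
```

In practice `fetch_der` would be run from a workstation on a different network path than the sensor, and the result passed to `matches` together with the fingerprint shown at the sensor's accept/reject prompt.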
