Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2956
Views
0
Helpful
1
Replies

Not able to download signature updates

Go to solution
ihumji
Level 1
Level 1

‎11-23-2014 07:30 AM - edited ‎02-21-2020 05:20 AM

Since last few days, all of a sudden without us making any configuration changes on the ASA or IPS, our ips is not able to download the latest signature update. It gives an error; "autoUpdate successfully selected a package (https://ih@72.163.7.60//swc/esd/11/273556262/guest/IPS-sig-S836-req-E4.pkg) from the cisco.com locator service, however, package download failed: The host is not trusted. Add the host to the system's trusted TLS certificates.  name=errSystemError "

 

We are using Cisco ASA 5520 with IPS module. (Product ID ASA-SSM-20)

1 person had this problem
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Flavio Miranda
VIP
VIP

‎02-22-2018 12:05 AM

Hi

 The certificate might expired:

"

secure from man-in-the-middle attacks you must establish trust of the TLS certificates of the remote web servers. A copy of the TLS certificate of each trusted remote host is stored in the trusted hosts list.

Use the tls trusted-host ip-address ip-address [ port port ] command to add a trusted host to the trusted hosts list. This command retrieves the TLS certificate from the specified host/port and displays its fingerprint. You can accept or reject the fingerprint based on information retrieved directly from the host you are requesting to add. The default port is 443.

Each certificate is stored with an identifier field ( id ). For the IP address and default port, the identifier field is ipaddress . For the IP address and specified port, the identifier field is ipaddress:port ."

 

https://www.cisco.com/c/en/us/td/docs/security/ips/7-3/configuration/guide/cli/cliguide73/cli_setup.html#19523

 

-If I helped you somehow, please, rate it as useful.-

View solution in original post

0 Helpful
1 Reply 1

Go to solution
Flavio Miranda
VIP
VIP

‎02-22-2018 12:05 AM

Hi

 The certificate might expired:

"

secure from man-in-the-middle attacks you must establish trust of the TLS certificates of the remote web servers. A copy of the TLS certificate of each trusted remote host is stored in the trusted hosts list.

Use the tls trusted-host ip-address ip-address [ port port ] command to add a trusted host to the trusted hosts list. This command retrieves the TLS certificate from the specified host/port and displays its fingerprint. You can accept or reject the fingerprint based on information retrieved directly from the host you are requesting to add. The default port is 443.

Each certificate is stored with an identifier field ( id ). For the IP address and default port, the identifier field is ipaddress . For the IP address and specified port, the identifier field is ipaddress:port ."

 

https://www.cisco.com/c/en/us/td/docs/security/ips/7-3/configuration/guide/cli/cliguide73/cli_setup.html#19523

 

-If I helped you somehow, please, rate it as useful.-

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card