IOException when trying to connect to Cisco IPS

A little while ago, I tried to connect to one of Cisco IPS boxes running 7.x version of code, using Cisco IME (IPS Management Express) with no luck. I stuck with the error:

IOException when try to get certificate: java.security.cert.CertificateExpiredException: not after Sat Feb 08 18:05:16 CET 2014

ips_ioexception_error

Of course, the access using the IDM tool was also not possible.

The reason is apparent: the self signed certificate was expired and we are given an exact date and time when this happened. The issue can give us a lot of headache and the solution is pretty simple – we need to generate a new and valid self-signed certificate. How do we do that?

We log in to the IPS CLI and issue this simple command:

Sensor1#
Sensor1# tls generate-key
MD5 fingerprint is 56:A7:XX:YY:ZZ:WW:7E:62:E1:36:80:A1:52:94:BD:87
SHA1 fingerprint is 7E:36:D3:E9:D8:4E:D0:XX:YY:ZZ:1A:D0:65:77:BC:82:77:37:03:C3
Sensor1#

Now when we try to log back in we can see that we are successful:

ips_ioexception_ok

Happy tuning 🙂

Advertisements
This entry was posted in Cisco, IPS, Security and tagged , , . Bookmark the permalink.

2 Responses to IOException when trying to connect to Cisco IPS

  1. Mike says:

    You’re a lifesaver. Thanks for this one.

  2. Paula says:

    Works just fine, Thanks!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s