A little while ago, I tried to connect to one of Cisco IPS boxes running 7.x version of code, using Cisco IME (IPS Management Express) with no luck. I stuck with the error:
IOException when try to get certificate: java.security.cert.CertificateExpiredException: not after Sat Feb 08 18:05:16 CET 2014
Of course, the access using the IDM tool was also not possible.
The reason is apparent: the self signed certificate was expired and we are given an exact date and time when this happened. The issue can give us a lot of headache and the solution is pretty simple – we need to generate a new and valid self-signed certificate. How do we do that?
We log in to the IPS CLI and issue this simple command:
Sensor1# tls generate-key
MD5 fingerprint is 56:A7:XX:YY:ZZ:WW:7E:62:E1:36:80:A1:52:94:BD:87
SHA1 fingerprint is 7E:36:D3:E9:D8:4E:D0:XX:YY:ZZ:1A:D0:65:77:BC:82:77:37:03:C3
Now when we try to log back in we can see that we are successful:
Happy tuning 🙂