Cisco Systems IPS 7.1 Home Security System User Manual


Cisco Intrusion Prevention System CLI Sensor Configuration Guide for IPS 7.1
OL-19892-01
Chapter 4 Setting Up the Sensor
Configuring TLS
Step 5 Verify the web server changes.
sensor(config-web)# show settings
enable-tls: true <defaulted>
strict-tls-server-validation: enable default: disable
port: 443 <defaulted>
server-id: HTTP/1.1 compliant <defaulted>
configurable-service (min: 0, max: 99, current: 0)
-----------------------------------------------
-----------------------------------------------
websession-inactivity-timeout: 3600 <defaulted>
enable-websession-inactivity-timeout-logging: false <defaulted>
tls-client-ciphers-restriction: enable <defaulted>
sensor(config-web)#
Step 6 Exit web server submode.
sensor(config-web)# exit
Apply Changes:?[yes]:
Step 7 Press Enter to apply the changes or enter no to discard them.
Note If you enable TLS settings, you must reset the sensor to make the web server use the new settings.
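A way to check the Step 5 output automatically, given here as an added example that is not part of the Cisco guide: it parses captured show settings output from web server submode and reports TLS settings that differ from a baseline. The baseline values and the function names are assumptions; the sample input is constructed from the output shown in Step 5.

```python
import re

# Constructed sample: the `show settings` output from Step 5, as it would
# appear in a captured CLI session.
SAMPLE = """\
enable-tls: true <defaulted>
strict-tls-server-validation: enable default: disable
port: 443 <defaulted>
server-id: HTTP/1.1 compliant <defaulted>
configurable-service (min: 0, max: 99, current: 0)
-----------------------------------------------
-----------------------------------------------
websession-inactivity-timeout: 3600 <defaulted>
enable-websession-inactivity-timeout-logging: false <defaulted>
tls-client-ciphers-restriction: enable <defaulted>
"""

# Assumed baseline (a site policy chosen for this example, not taken from the guide).
EXPECTED = {
    "enable-tls": "true",
    "strict-tls-server-validation": "enable",
    "tls-client-ciphers-restriction": "enable",
}

# key: value, optionally followed by "<defaulted>" or "default: <value>".
LINE = re.compile(
    r"^(?P<key>[\w-]+):\s+(?P<value>.*?)"
    r"(?:\s+(?:<(?P<dflt>defaulted)>|default:\s+(?P<factory>\S+)))?\s*$"
)

def parse_settings(text):
    """Return {key: (value, marked_defaulted, listed_default_or_None)}."""
    out = {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:  # separator rows and list headers do not match and are skipped
            out[m["key"]] = (m["value"], m["dflt"] is not None, m["factory"])
    return out

def audit(text, expected=EXPECTED):
    """List (key, found, wanted) for each setting that misses the baseline."""
    seen = parse_settings(text)
    return [(k, seen.get(k, (None,))[0], want)
            for k, want in expected.items()
            if seen.get(k, (None,))[0] != want]
```

An empty list from audit() means every baseline setting was found with the expected value; a setting missing from the capture is reported with None as the found value.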
Adding and Updating TLS Trusted Root Certificates
Use the tls trusted-root-certificate command in global configuration mode to add a new certificate to
the trusted root certificates list or to update an existing certificate in it. The protocols used for
copying the TLS root certificate are SCP and HTTPS.
The following commands apply:
destination-url—Specifies the location of the TLS trusted root certificate.
scp:—Source or destination URL for the SCP network server. The syntax for this prefix is:
scp://[[username@]location][/relativeDirectory]/filename
scp://[[username@]location][//absoluteDirectory]/filename
Note If you use the SCP protocol, you are prompted for a password and you must add the remote
host to the SSH known hosts list.
https:—Source URL for the Web server. The syntax for this prefix is:
https://[[username@]location][/directory]/filename
To add a trusted root certificate to the trusted root certificates list, follow these steps:
Step 1 Log in to the CLI using an account with administrator privileges.
Step 2 Add the trusted root certificate.
sensor# configure terminal
sensor(config)# tls trusted-root-certificate scp:
User: jsmith