Support User Manuals

Cisco Systems IPS 7.1 Home Security System User Manual

Open as PDF

of 1042

4-54

Cisco Intrusion Prevention System CLI Sensor Configuration Guide for IPS 7.1

OL-19892-01

Chapter 4 Setting Up the Sensor

Configuring TLS

Server's IP Address: 173.39.51.249

Port[22]:

File name: /ws/jsmith-bgl/CertiPostRootCert.cer

Password: ************

SHA1 fingerprint of this certificate is

74:2c:df:15:94:04:9c:bf:17:a2:04:6c:c6:39:bb:38:88:e0:2e:33

Would you like to add this to the TLS trusted certificate store (yes/no)?[yes]:

Step 3 Enter yes to accept the trusted root certificate. The certificate is added to the TLS trusted root certificates

list.

Certificate with SHA1 fingerprint

74:2c:df:15:94:04:9c:bf:17:a2:04:6c:c6:39:bb:38:88:e0:2e:33 successfully added to the TLS

trusted root certificate store.

sensor(config)#

If the connection cannot be established, the transaction fails.

sensor(config)# tls trusted-root-certificate

Error: Unable to receive the certificate file from the specified URL - ssh: connect to

host 10.89.12.45 port 22: Connection timed out

Step 4 Update the trusted root certificate.

sensor(config)# tls trusted-root-certificate scp:

User: jsmith

Server's IP Address: 173.39.51.249

Port[22]:

File name: /ws/jsmith-bgl/CertiPostRootCert.cer

Password: ************

SHA1 fingerprint of this certificate is

74:2c:df:15:94:04:9c:bf:17:a2:04:6c:c6:39:bb:38:88:e0:2e:33

This certificate is going to replace an existing certificate in the TLS trusted

certificate store.

Validity of the existing certificate is same as the one you are trying to add.

Are you sure you want to proceed (yes/no)?[yes]:

Step 5 Enter yes to update the trusted root certificate. The certificate is updated in the TLS trusted root

certificates list.

Certificate with SHA1 fingerprint

74:2c:df:15:94:04:9c:bf:17:a2:04:6c:c6:39:bb:38:88:e0:2e:33 already exists in the TLS

trusted root certificate store.

sensor(config)#

Step 6 Verify that the trusted root certificate was added.

sensor(config)# exit

sensor# show tls trusted-root-certificates

TLS Certificate Name: GeoTrust Global CA

Issued To: c=US,o=GeoTrust Inc.,cn=GeoTrust Global CA

Issued By: c=US,o=GeoTrust Inc.,cn=GeoTrust Global CA

SHA1-fingerprint: de:28:f4:a4:ff:e5:b9:2f:a3:c5:03:d1:a3:49:a7:f9:96:2a:82:12

MD5-fingerprint: f7:75:ab:29:fb:51:4e:b7:77:5e:ff:05:3c:99:8e:f5

previous next