Cisco Systems IPS 7.1 Home Security System User Manual


 
4-56
Cisco Intrusion Prevention System CLI Sensor Configuration Guide for IPS 7.1
OL-19892-01
Chapter 4 Setting Up the Sensor
Installing the License Key
Expiration Date: Fri Jan 1 23:59:59 2021
sensor#
Displaying and Generating the Server Certificate
A TLS certificate is generated when the sensor is first started. Use the tls generate-key command to
generate a new server self-signed X.509 certificate. The IP address of the sensor is included in the
certificate. If you change the sensor IP address, the sensor automatically generates a new certificate.
Caution The new certificate replaces the existing certificate, which requires you to update the trusted hosts lists
on remote systems with the new certificate so that future connections succeed. You can update the trusted
hosts lists on remote IPS sensors using the tls trusted-host command. If the sensor is a master blocking
sensor, you must update the trusted hosts lists on the remote sensors that are sending block requests to
the master blocking sensor.
To generate a new TLS certificate, follow these steps:
Step 1 Log in to the CLI using an account with administrator privileges.
Step 2 Generate the new certificate.
sensor# tls generate-key
MD5 fingerprint is FD:83:6E:41:D3:88:48:1F:44:7F:AF:5D:52:60:89:DE
SHA1 fingerprint is 4A:2B:79:A0:82:8B:65:3A:83:B5:D9:50:C0:8E:F6:C6:B0:30:47:BB
sensor#
Step 3 Verify that the key was generated.
sensor# show tls fingerprint
MD5: FD:83:6E:41:D3:88:48:1F:44:7F:AF:5D:52:60:89:DE
SHA1: 4A:2B:79:A0:82:8B:65:3A:83:B5:D9:50:C0:8E:F6:C6:B0:30:47:BB
sensor#
For More Information
For the procedure for updating the trusted hosts lists on remote sensors, see Adding TLS Trusted Hosts,
page 4-51.
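The check to run from a remote system before updating its trusted hosts list, as an added example that is not part of the Cisco guide: it recomputes the fingerprints of the certificate the sensor presents and compares them with the values copied from the sensor CLI. It assumes the fingerprints are the usual MD5 and SHA1 digests over the DER-encoded certificate and that the sensor web server listens on port 443; the function names and the constructed byte string are illustrative.

```python
import hashlib
import hmac
import re
import ssl

ALGORITHMS = {"MD5": hashlib.md5, "SHA1": hashlib.sha1}

# Matches both CLI formats shown in the guide:
#   "MD5 fingerprint is FD:83:..."  (tls generate-key)
#   "MD5: FD:83:..."                (show tls fingerprint)
LINE_RE = re.compile(
    r"^\s*(MD5|SHA1)(?: fingerprint is|:)\s*((?:[0-9A-Fa-f]{2}:)+[0-9A-Fa-f]{2})\s*$")

# CLI output as printed in Step 3 of the guide.
PAGE_OUTPUT = """sensor# show tls fingerprint
MD5: FD:83:6E:41:D3:88:48:1F:44:7F:AF:5D:52:60:89:DE
SHA1: 4A:2B:79:A0:82:8B:65:3A:83:B5:D9:50:C0:8E:F6:C6:B0:30:47:BB
sensor#"""

# Constructed stand-in bytes, not a real certificate (assumption for the demo).
CONSTRUCTED_DER = b"constructed-der-bytes-for-demo"

def cert_fingerprints(der: bytes) -> dict:
    """Digest the DER certificate and format it as colon-separated uppercase hex."""
    out = {}
    for name, fn in ALGORITHMS.items():
        hexd = fn(der).hexdigest().upper()
        out[name] = ":".join(hexd[i:i + 2] for i in range(0, len(hexd), 2))
    return out

def parse_cli_fingerprints(text: str) -> dict:
    """Extract the fingerprints from pasted CLI output, ignoring prompt lines."""
    return {m.group(1): m.group(2).upper()
            for m in map(LINE_RE.match, text.splitlines()) if m}

def matches(der: bytes, cli_text: str) -> bool:
    """True only if every fingerprint in the CLI text matches the certificate."""
    expected = parse_cli_fingerprints(cli_text)
    if "SHA1" not in expected:
        return False  # policy of this example: never accept on MD5 alone
    actual = cert_fingerprints(der)
    return all(hmac.compare_digest(actual[a], v) for a, v in expected.items())

def fetch_der(host: str, port: int = 443) -> bytes:
    """Fetch the certificate the sensor presents (no chain validation is done)."""
    return ssl.PEM_cert_to_DER_cert(ssl.get_server_certificate((host, port)))

if __name__ == "__main__":
    print(parse_cli_fingerprints(PAGE_OUTPUT))
    print("match:", matches(CONSTRUCTED_DER, PAGE_OUTPUT))  # constructed bytes differ
```

Against a live sensor, pass `fetch_der(host)` and the pasted `show tls fingerprint` output to `matches` and update the trusted hosts list only when it returns True.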
Installing the License Key
This section describes the IPS license key and how to install it. It contains the following topics:
Understanding the License Key, page 4-57
Service Programs for IPS Products, page 4-57
Obtaining and Installing the License Key, page 4-58
Obtaining a New License for the IPS 4270-20, page 4-60
Licensing the ASA 5500-X IPS SSP, page 4-61