Document ID: 64094
Introduction
This document explains the procedure you use to correct this error message that appears while you update the signature of your Intrusion Detection System (IDS) Sensor:
Sensor sensorname: Signature Update Process An error occurred while running the update script on the sensor named p3idsmtd-2. Detail = An error occurred at the sensor during the update, sensor message = The host is not trusted. Add the host to the system's trusted TLS certificates.
Prerequisites
Requirements
There are no specific requirements for this document.
Components Used
The information in this document is based on the IDS Management Center (MC) signature update.
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.
Conventions
Refer to the Cisco Technical Tips Conventions for more information on document conventions.
Step-by-Step Instructions
Complete these steps:
1. Enter these commands from the Sensor:
      sensor#configure terminal
      sensor(config)#no tls trusted-host ip-address <ip address of vms server>
2. Re-add the VPN/Security Management Solution (VMS) server to the Sensor:
      sensor(config)#tls trusted-host ip-address <ip address of vms server>
3. Log in to the service account and su - to root if steps 1 and 2 do not work.
   The Sensor has an underlying Linux operating system. You can access it when you log in with a service account. Enter the show users all command on your Sensor to check whether you have a service account. If you have a service account, you see the username under the User column and service under the Privilege column. These accounts are not created by default. Issue this command if you have to create an account:
      sensor(config)#username <service username> privilege service password <password>
4. Issue the show users all command once more to make sure the service account is created.
5. Log out and log back in using the service account.
   Log in to the service account and su - to root. The password for the root user is the same as the password you created for the service account.
   Run this command sequence:
      /etc/init.d/cids stop
      cd /usr/cids/idsRoot/etc/cert
      mv mytestca.cer mytestca.save
      rm -f *.cer
      mv mytestca.save mytestca.cer
      cd ..
      rm -f curTrustedCertificatesConfig.xml
      /etc/init.d/cids start
   This sequence stops the cids service, deletes every .cer file in the cert directory except mytestca.cer, deletes curTrustedCertificatesConfig.xml, and starts the service again, so the trusted host has to be added again afterwards (step 7).
6. Reboot the Sensor.
7. Log in with the 'Admin' account, and add the trusted host with the tls trusted-host command once it is restored.
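The command sequence above deletes the Sensor's trusted certificate files with no way back. A backup-first version of the same cleanup follows as an added example that is not part of the Cisco document; the function name, its two arguments and the backup location are assumptions, and it assumes tar is available in the Sensor's Linux shell:

```shell
#!/bin/sh
# Added example, not Cisco code. Function name, arguments and backup
# location are assumptions; file names come from the command sequence above.
# Run as root between "/etc/init.d/cids stop" and "/etc/init.d/cids start".

reset_trust_store() {
    etc_dir=$1      # on the Sensor: /usr/cids/idsRoot/etc
    backup_dir=$2   # existing directory for the archive (assumption)
    cert_dir=$etc_dir/cert
    cfg=curTrustedCertificatesConfig.xml

    [ -d "$cert_dir" ] || { echo "missing directory: $cert_dir" >&2; return 1; }
    [ -d "$backup_dir" ] || { echo "missing directory: $backup_dir" >&2; return 1; }
    # The procedure keeps exactly one certificate; stop if it is absent.
    [ -f "$cert_dir/mytestca.cer" ] || { echo "mytestca.cer not found" >&2; return 1; }

    archive=$backup_dir/trust-store-$(date +%Y%m%d%H%M%S).tar
    # Archive first, readable by the owner only, so the deletion is reversible.
    if [ -f "$etc_dir/$cfg" ]; then
        ( umask 077; tar -cf "$archive" -C "$etc_dir" cert "$cfg" ) || return 1
    else
        ( umask 077; tar -cf "$archive" -C "$etc_dir" cert ) || return 1
    fi

    # Same result as the mv / rm -f *.cer / mv sequence: only mytestca.cer stays.
    for f in "$cert_dir"/*.cer; do
        [ -e "$f" ] || continue
        name=$(basename "$f")
        [ "$name" = "mytestca.cer" ] && continue
        echo "removing trusted certificate file: $name" >&2
        rm -f "$f"
    done
    rm -f "$etc_dir/$cfg"

    # stdout carries only the archive path so a caller can capture it.
    echo "$archive"
}

# Runs only when both directories are given on the command line.
if [ "$#" -eq 2 ]; then
    reset_trust_store "$1" "$2"
fi
```

The names printed while it runs are the certificate files that were removed, and the archive allows the previous trust store to be inspected or restored.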
Verify
There is currently no verification procedure available for this configuration.
Troubleshoot
There is currently no specific troubleshooting information available for this configuration.
| Updated: Jan 19, 2006 | Document ID: 64094 |
