Cisco IPS / IME Certificate Error


If you are a user of Cisco’s IPS product, at some point you may have found it beneficial to use IME (IPS Manager Express). If you are not familiar with it, it is a locally installed application that allows a user to manage multiple Cisco IPS sensors. You add the IP and credentials to IME, and it logs in automatically when IME is launched.

That is all great until you hit an error while trying to add your IPS to your installation of IME. A common error is:

IOException when try to get certificate:
NotAfter: ***DATE/TIME***

That message means the local certificate from your IPS sensor that is used for authentication of IME has expired. This certificate isn’t used for much of anything else. The fix is a fast, simple, non-disruptive one: log into the command line interface of your IPS sensor and execute the command:

tls generate-key

Once completed, all users will need to re-add the sensor(s) and re-accept the certificate when prompted. Once you re-add the sensor, you’ll no longer see the error about an expired certificate!


