43-11
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 43 Managing IPS Sensors
• Certificate Status on Device—Shows the current status of the certificate as it exists on the device:
  – Valid Certificate—The certificate is good and within the validity date range.
  – Expired Certificate—The certificate has passed its Valid Until date and is now expired. Select the device and click Regenerate Certificate to create a new valid certificate on the device and to have the certificate loaded into the Security Manager certificate store.
  – Certificate Not Yet Valid—The certificate has not yet reached its Valid From date and cannot be used yet. This might indicate a mismatch between the time settings on the device and on the Security Manager server. Ensure that the time settings are the same (consider using an NTP server). Consider regenerating the certificate.
  – Unavailable – Refresh to get Cert Info—The certificate is not currently in the Security Manager certificate store. Click Refresh to have Security Manager retrieve the certificate from the device and load it into the certificate store.
  – Nonretrievable – Cert Info not available—Security Manager was not able to log into the device and retrieve the certificate, or you are using HTTP for communications. Select the device and click Refresh.
    If refresh does not resolve the problem, ensure that the device is operating normally (that it is not down), and then check the device properties to ensure that correct credentials are configured for access (see Viewing or Changing Device Properties, page 3-39). If credentials are not the problem, also check the Allowed Hosts policy configured on the device and ensure that the Security Manager server is included as an allowed host (see Identifying Allowed Hosts, page 35-7). You can also log into Windows on the Security Manager server and use ping to see if there is a route between the server and the IPS device.
• Thumbprint on CSM, Thumbprint on Device—These separate columns show the thumbprint for the certificate in the certificate store and on the device.
Step 2 Use any of the following buttons to perform the indicated actions. Except where indicated, if you do not select one or more devices before clicking the button, the action is performed on all listed devices, which can be time-consuming if there are a lot of IPS devices. You are warned before an operation is performed on all devices and given the option to stop it.
• Sync Certificate—Synchronize the certificate information in the Security Manager certificate store with the certificate on the device. The device certificate replaces the one in the certificate store.
• Regenerate Certificate—Generate a new certificate on the device and then load the new certificate into the certificate store.
• Refresh—Refresh the status information by having Security Manager contact the devices and retrieve certificate information, such as validity dates, and compare the certificate with the one in the certificate store. This action updates the Certificate Status on Device column and also determines whether there is a certificate mismatch.
• Export—Exports the entire certificates table to a comma-separated values (CSV) file. You cannot export less than the entire table. You are prompted for a file name and folder on the Security Manager server.
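The following added example (not part of the Cisco guide or of Security Manager) audits an exported certificates table and lists the devices whose status is not Valid Certificate or whose two thumbprints differ. It assumes the CSV header row uses the column names shown on this page plus a hypothetical Device column; the sample rows and thumbprints are constructed.

```python
import csv
import io
import re

# Column names as shown on this page; "Device" is an assumed name for the
# device column, and the rows below are constructed sample data.
NAME, STATUS = "Device", "Certificate Status on Device"
ON_CSM, ON_DEVICE = "Thumbprint on CSM", "Thumbprint on Device"

SAMPLE = """Device,Certificate Status on Device,Thumbprint on CSM,Thumbprint on Device
ips-a.example,Valid Certificate,AB:CD:EF:01:23,abcdef0123
ips-b.example,Valid Certificate,AB:CD:EF:01:23,AB:CD:EF:01:99
ips-c.example,Expired Certificate,11:22:33:44:55,11:22:33:44:55
ips-d.example,Unavailable - Refresh to get Cert Info,,66:77:88:99:AA
"""


def normalize(thumbprint):
    """Strip separators and case so formatting differences are not reported
    as mismatches; anything that is not pure hex afterwards counts as absent."""
    bare = re.sub(r"[\s:-]", "", thumbprint or "").upper()
    return bare if re.fullmatch(r"[0-9A-F]+", bare) else ""


def audit(csv_text):
    """Return (device, finding) pairs for rows that need operator attention."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        device = (row.get(NAME) or "").strip()
        status = (row.get(STATUS) or "").strip()
        on_csm, on_device = normalize(row.get(ON_CSM)), normalize(row.get(ON_DEVICE))
        if status != "Valid Certificate":
            findings.append((device, "status: " + status))
        if not on_csm or not on_device:
            findings.append((device, "thumbprint missing"))
        elif on_csm != on_device:
            findings.append((device, "thumbprint mismatch"))
    return findings


if __name__ == "__main__":
    for device, finding in audit(SAMPLE):
        print(f"{device}: {finding}")
```

Because Sync Certificate replaces the stored certificate with whatever the device presents, confirm that a reported thumbprint mismatch corresponds to an expected certificate change on the device before synchronizing.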
Rebooting IPS Sensors
You can reboot an IPS sensor from Security Manager.