Setting The Global Certificate And Fingerprint Response; Upgrading From An Expired Certificate Or Fingerprint - Cisco CS-MARS-20-K9 - Security MARS 20 User Manual


Chapter 24
System Maintenance
User Guide for Cisco Security MARS Local Controller, 78-17020-01

- Graphgen process for mitigation operation (SSH and SSL)
- Device Monitor process for resource monitoring feature (SSH)
- DTM process (SSH)

Setting the Global Certificate and Fingerprint Response

The default response is to accept the certificate or fingerprint the first time MARS attempts to connect to the device, after which if a conflict is detected, then administrative intervention is required to update to the new certificate or fingerprint.

If this option is not the one that you wish to use, you can select from three options. The global setting for the conflict detection responses is located on the Admin > System Parameters > SSL/SSH Settings page.

To change the default certificate and fingerprint response, follow these steps:

Step 1  Log into the web interface using an account with Administrative privilege.
Step 2  Click the Admin > System Parameters > SSL/SSH Settings.
Step 3  Select one of the following options to define the global behavior that you require:
        - Automatically always accept
        - Accept first time and prompt when changed
        - Always prompt on new and changed
        For details on these options, see Understanding Certificate and Fingerprint Validation and Management, page 24-7.
Step 4  Click Submit.

Upgrading from an Expired Certificate or Fingerprint

If you have selected a global response option other than Automatically always accept (see Setting the Global Certificate and Fingerprint Response, page 24-9), you will at some time be required to update an expired certificate or fingerprint.

Two options exist for upgrading from an expired certificate or fingerprint. If you are logged in to the web interface when a GUI process detects a certificate or fingerprint conflict, you will be prompted to accept or reject the new value. Otherwise, if you are not logged in or a backend process detects the conflict, you must manually initiate a communication with the device. To determine the list of devices for which you must manually update the certificates or fingerprints, review the Activity: CS-MARS Detected Conflicting Certificates/Fingerprints report (see Monitoring Certificate Status and Changes, page 24-10).

The following procedures explain how to upgrade under the specific circumstances:

- Upgrade a Certificate or Fingerprint Interactively, page 24-10
- Upgrade a Certificate Manually, page 24-10
- Upgrade a Fingerprint Manually, page 24-10
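
The three global response options and the conflict handling described above, modeled as an added Python example; this is not Cisco's code or the MARS implementation. The policy identifiers, the in-memory pin store, the `approve` callback and the SHA-256 fingerprint are assumptions made for illustration.

```python
import hashlib

# Hypothetical identifiers for the three options on the SSL/SSH Settings
# page; they are not MARS configuration values.
AUTO_ACCEPT = "automatically_always_accept"
ACCEPT_FIRST = "accept_first_time_and_prompt_when_changed"
ALWAYS_PROMPT = "always_prompt_on_new_and_changed"
POLICIES = {AUTO_ACCEPT, ACCEPT_FIRST, ALWAYS_PROMPT}


def fingerprint(blob: bytes) -> str:
    """SHA-256 over the presented certificate or host key bytes (assumed)."""
    return hashlib.sha256(blob).hexdigest()


def evaluate(policy, store, device, presented, approve=None):
    """Decide whether to trust `presented` for `device`.

    store:   dict of device -> pinned fingerprint (hypothetical pin store).
    approve: callable(device, old_fp, new_fp) -> bool standing in for the
             administrator prompt; None models a backend process or a
             session with nobody logged in.
    Returns (decision, event); decision is 'accept', 'reject' or 'pending'.
    """
    if policy not in POLICIES:
        raise ValueError(f"unknown policy: {policy!r}")  # never fail open
    new_fp = fingerprint(presented)
    old_fp = store.get(device)
    if old_fp == new_fp:
        return "accept", "match"
    event = "new" if old_fp is None else "conflict"
    needs_prompt = policy == ALWAYS_PROMPT or (
        policy == ACCEPT_FIRST and event == "conflict")
    if needs_prompt:
        if approve is None:
            # Nobody to ask: keep the existing pin and leave the device
            # for manual follow-up, as with the conflict report above.
            return "pending", event
        if not approve(device, old_fp, new_fp):
            return "reject", event
    store[device] = new_fp  # pin on first use, or re-pin after approval
    return "accept", event
```

Under `AUTO_ACCEPT` a changed value is re-pinned with no prompt, so a substituted certificate or host key is never surfaced to an administrator; the other two options keep the old pin until someone approves the change.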


This manual is also suitable for:

Mars 20, Mars 50, Mars 100, Mars 200
