Filter
Top Products
9-5
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 9 Troubleshooting Device Communication and Deployment
Managing Device Communication Settings and Certificates
Tip Having an accurate certificate is required for successful HTTPS communications; Security Manager
cannot communicate with the device without the correct certificate, which prevents configuration
deployment. When using self-signed certificates, the device might create a new certificate if Security
Manager attempts to access it using the wrong certificate. Thus, it is best to configure Security Manager
to always retrieve the certificate from the device.
Instead of having Security Manager automatically retrieve the certificates, you can manually add them
to increase the level of network security. On the Device Communication page, you would configure the
device authentication setting for the device type as Manually add certificates.
The easiest way to manually update the certificate for a device is to retrieve it from the device.
Right-click the device and select Device Properties. Click Credentials to open the Credentials page,
and then click Retrieve From Device to the right of the Authentication Certificate Thumbprint field.
Security Manager retrieves the certificate and prompts you to accept it. You might need to do this if you
encounter certificate problems during configuration deployment. (You can also type or paste the
certificate into this field.)
You can also manually type in, or copy and paste, the certificate thumbprint without having Security
Manager log into the device. Use the following procedure to manually enter the SSL certificate
thumbprint for a device if you configured that device type to require manually added certificates.
Tip Security Manager allows you to generate a 2048-bit self-signed certificate under Megamenu > Server
Administration > Server > Security > Single Server Management > Certificate Setup.
Tip To reach the Megamenu, double-click the Cisco Security Manager icon on your server desktop and log
on. Another way to reach the Megamenu is as follows: Windows > Start > All Programs > Cisco Security
Manager > Cisco Security Manager > [log on]. This second navigation path may differ slightly,
depending upon how you have personalized your Windows Server installation.
Before You Begin
Obtain the certificate thumbprint (a hexadecimal string) for the device.
Tip If the thumbprint is not readily available, you can copy it from the error message that is displayed when
you add the device from the network or from an export file.
Step 1 Select Tools > Security Manager Administration and select Device Communication from the table of
contents to open the Device Communication page (see Device Communication Page, page 11-17).
Step 2 Click Add Certificate to open the Add Certificate dialog box (see Add Certificate Dialog Box,
page 11-20).
Step 3 Enter the DNS hostname or IP Address of the device, the certificate thumbprint in hexadecimal format,
and click OK. The thumbprint is added to the certificate store.
Tip To erase an existing thumbprint, leave the Certificate Thumbprint field empty.