IEV 5.0 error

lunestadr · ‎05-21-2006

Hi,

I get the attached error message when I try to add a device (ids-4215)to the IEV 5.0. Is there any dependencies for java certificate for this IEV sw ?

regards rolf

marcabal · ‎05-21-2006

Looks like the sensor SSL/TLS Certificate may have expired on the sensor.

Web browse to the sensor to start IDM, and during the initial login (before IDM even loads) you can view the sensor's certificate (on Internet Explorer it is a Security Alert window that pops up and on the bottom right is a "View Certificate" button). Look at the certificate to see if it has expired.

(If you had previously saved the sensor certificate then you will need to look at the web browser's stored certificate for the sensor.)

Check that the time on both the IEV and sensor are correct. If the date on the IEV box is wrong then the IEV might assume the sensor's certificate is expired even when it is still valid. If the sensor's date is wrong, then it may have generated a certificate in the past or future based on the wrong date.

If the sensor's certificate is expired, then a new ceritificate will need to be generated on the sensor.

Execute "tls generate-key" on the sensor's CLI to generate a new key.

NOTE: If a new certificate is generated, then every management tool connecting to the sensor (like IEV, or CSM) will need to re-import the sensor's new SSL/TLS certificate.

The certificate's generated on the sensor are usually only valid for about 2 years. On the very first bootup of the sensor (either during manufacturing or after a re-image/recovery) it will automatically generate a new certificate. If more than 2 years have passed since the sensor was booted up for the first time, then the original certificate will have expired and it is common to have to generate a new one.