IDS Event viewer error

Unanswered Question
Apr 23rd, 2008

Hi All

Please help me out with this .I am getting attached IDS Event viewer error while trying to install it .Please let me know the probable causes and how to rectify the same

Regards

Ankur

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.

Which event viewer are you using? Is it the stand alone event viewer or something like Security Monitor?

*** Edit ***

I just really want to say this is a memory allocation issue within your java setting. But the "certifcationexpiredexception" throws it in a whole other direction.

*** EDIT 2 ***

Maybe play with your java runtime parameters - "-Server -Xmx256m" there are several ways to allot a set amount of memory.

marcabal Wed, 04/23/2008 - 11:58

At what stage of installation are you seeing this error?

It appears that a SSL certificate has expired, or an applet has a digital signature based on a certificate that has recently expired.

If you can provide recreation steps then we can figure out what certificate is expiring, and determine the next steps in resolving your issue.

Without knowing anything else my best guess at this point is that the SSL certificate on your sensor has expired. If the sensor has been deployed in your network for over a year, then this jsut could be the standard expiration of the SSL certificate on your sensor. Try conneting from a web browser directly to your sensor. When your web browser connects it should warn you if the sensor certificate is expired. If this is the case then ssh or telnet to the sensor and execute: "tls generat-key" to enforce the creation of a new SSL certificate for your sensor.

If the error is not from an expired SSL certificate, then it is from other certificate or digital signature and we will need to try and recreate in our lab.

Once you provide us with re-create steps, then there is something you might try for a short term solution as we try to re-create.

You might try setting the date/time on your PC to a few days ago. The certificate appears to have expired on April 23rd so setting it back to April 20th may make the error go away. I am not positive this will work, but may be worth a shot if you need access immediately and can't wait a day or 2 as analysis is done. This is not a permanent solution and would just be a temporary workaround as we try to analyze what certificate is expiring.

ankurs2008 Wed, 04/23/2008 - 22:50

Hi

Thanks for the help.The IPS Event viewer is 5.1.Also when i install and give the IP Address of the sensor , followed by credentials , select HTTPS and then click on update ,then this error comes.Also i have ensured that the Java settings include the parameter which chickman has mentioned , please see the snapshot attached.Let mek now is it because of an expired SSL Certificate

Remove the java setting I suggested. Try and run through what Marc had said.

What you'll need to do if you want to do it via IDM is to expand the "sensor setup" and go to "time." When there, reset the time a week or so BEFORE April 23rd. So that you can test out the time of the cert expiration.

If you find that this works, then you can assume the cert is expired and you'll need to regenerate it.

From the "sensor setup" expand "certificates." From here you'll need to go into "server certificates" and select the button at the bottom that says "generate certificate."

Keep in mind this was Marc's instruction :)

ankurs2008 Thu, 05/01/2008 - 02:30

hi

the issue is solved and the error has gone . Iam able to register the sensor in the IEV .However the issue is i am not seeing any events on the Realtime Dashboard.I have verified from the sensor that the events are coming on the same by comamnd " show events alert past 01:00"

I have posted one more thread for the same .please look into that and help me out.

Actions

This Discussion