2 Replies Latest reply on Jul 21, 2017 7:56 AM by MaxPat

    Unable to upload the PFX certificat on NSM

    abdessamad

      Hi,

      I'm unable to upload the PFX certificat on the McAfee NSM, I get the message error :


      Action Failed: Sensor SSL key material invalid. Please review ems.log for details.

        • 1. Re: Unable to upload the PFX certificat on NSM
          abdessamad

          I have this error message on the EMS log :

           

          2016-02-16 13:43:08,293 INFO  [Thread-15507::Top Victims, ] com.intruvert.utility.lumos.LumosConnect - Looking up local service impl for name =MyITFTPTransfer

          2016-02-16 13:43:08,294 INFO  [Thread-15507::Top Victims, ] iv.ui.jsp.UtilBean - Sanitized tag : /My Company > IPS-MI > Setup > Decryption > Certificate Management

          2016-02-16 13:43:08,294 INFO  [Thread-15507::Top Victims, ] iv.ui.jsp.UtilBean - Sanitized tag : /My Company > IPS-MI > Setup > Decryption > Certificate Management

          2016-02-16 13:43:25,716 INFO  [Thread-15507::Top Victims, ] com.intruvert.ui.struts.common.EMSAction - !!!  bReturn:true

          2016-02-16 13:43:26,596 INFO  [Thread-15507::Top Victims, ] iv.ui.jsp.CSSLKeyUploadServlet - Uploaded File :Wilcard_certi_internal_pki.pfx to Manager File Size:4

          2016-02-16 13:43:26,611 INFO  [Thread-15507::Top Victims, ] iv.core.FileTransfer.SSLDecryption - Insert the SSL decryption key to the specified sensor 1004

          2016-02-16 13:43:26,620 ERROR [Thread-15507::Top Victims, ] iv.ui.jsp.SSLEncryptionManager - ***** Invalid SSL decryption key data, (3806)null

          • 2. Re: Unable to upload the PFX certificat on NSM
            MaxPat

            Hi!

             

            You may find this message in the ems.log file:

            INFO  [http-bio-0.0.0.0-443-exec-10] iv.ui.jsp.CSSLKeyUploadServlet - Uploaded File :certificate.p12 to Manager File Size:2
            INFO  [http-bio-0.0.0.0-443-exec-10] iv.core.FileTransfer.SSLDecryption - Insert the SSL decryption key to the specified sensor 1014

             

            Just try to re-import a couple of times...

             

            As per McAfee KB: McAfee Corporate KB - Network Security Platform system fault messages KB55037

             

            Invalid SSL decryption key: The Sensor detects that a particular SSL decryption key is no longer valid; for example, it may be failing to decrypt traffic.

             

            Solution: Re-import the key (which is identified within the error message). The fault will clear itself when the key is determined to be valid.

             

            If error continues, try to generate a new PFX file with different password.

            1 of 1 people found this helpful