fortifyclient token -gettoken

One of our developers gets the error from fortifyclient when he tried to get an AnalysisUploadToken with the command line.

fortifyclient -url [http://ourSSCurl] -user [username] token -gettoken AnalysisUploadToken

Enter Password:

Enter Password:

Invalid timestamp The security semantics of the message have expired.

However, when I tested it I could successfully get the token.

He is in Europe and my office and SSC server are in Canada.

Is this about time difference? Please advise how to resolve this.

Thank you.

Parents
  • You could check the recent output in the ssc.log or ssc_audit.log to make sure the time is close if you don't have other access to that machine. You can trigger an event to be logged by logging into SSC.

    Or, you could add -debug onto your fortifyclient command on a machine where fortifyclient is working, and search for "wsu:Created"; this should yield the time that response was served per the SSC host's time.

    Adding -debug onto the fortifyclient command on the machine that isn't working and searching again for "wsu:Created" will yield the time that machine created the request, and "wsu:Expires" will show the time after which that message should be rejected by the server.

    Both server and client date times should be in UTC and within 5 minutes of each other to allow this API to function.

    -Josh

Reply
  • You could check the recent output in the ssc.log or ssc_audit.log to make sure the time is close if you don't have other access to that machine. You can trigger an event to be logged by logging into SSC.

    Or, you could add -debug onto your fortifyclient command on a machine where fortifyclient is working, and search for "wsu:Created"; this should yield the time that response was served per the SSC host's time.

    Adding -debug onto the fortifyclient command on the machine that isn't working and searching again for "wsu:Created" will yield the time that machine created the request, and "wsu:Expires" will show the time after which that message should be rejected by the server.

    Both server and client date times should be in UTC and within 5 minutes of each other to allow this API to function.

    -Josh

Children
No Data