This website uses cookies. By continuing to browse or login to this website, you consent to the use of cookies. Learn more.
OK
pauline
Absent Member.
Absent Member.
‎2016-02-24 13:48
9000 views

fortifyclient token -gettoken

One of our developers gets the error from fortifyclient when he tried to get an AnalysisUploadToken with the command line.

fortifyclient -url [http://ourSSCurl] -user [username] token -gettoken AnalysisUploadToken

Enter Password:

Enter Password:

Invalid timestamp The security semantics of the message have expired.

However, when I tested it I could successfully get the token.

He is in Europe and my office and SSC server are in Canada.

Is this about time difference? Please advise how to resolve this.

Thank you.

0 Likes
Reply
Report Inappropriate Content
3 Replies
andersonshatch
Vice Admiral
Vice Admiral
‎2016-02-24 14:01

Time zone doesn't matter, but the UTC time on both server and client has to be within around 5 minutes of each other. I suggest checking that the times on both sides are accurate; NTP is recommended.

0 Likes
Reply
Report Inappropriate Content
pauline
Absent Member.
Absent Member.
‎2016-02-24 16:27

Thank you for your reply.

I checked the time on the server and it seems correct and the developer said the time on his pc is correct as well.

Is there any way that I can check it on the ssc log or somewhere?

0 Likes
Reply
Report Inappropriate Content
andersonshatch
Vice Admiral
Vice Admiral
‎2016-02-24 16:54

You could check the recent output in the ssc.log or ssc_audit.log to make sure the time is close if you don't have other access to that machine. You can trigger an event to be logged by logging into SSC.

Or, you could add -debug onto your fortifyclient command on a machine where fortifyclient is working, and search for "wsu:Created"; this should yield the time that response was served per the SSC host's time.

Adding -debug onto the fortifyclient command on the machine that isn't working and searching again for "wsu:Created" will yield the time that machine created the request, and "wsu:Expires" will show the time after which that message should be rejected by the server.

Both server and client date times should be in UTC and within 5 minutes of each other to allow this API to function.

-Josh

Reply
Report Inappropriate Content
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.