All users of IDA 7.4 that rely on the Lumina service.
The problem: certificate expiration date on Oct 10th, 2019
IDA 7.4 has a relatively simple method for checking the server certificate
that it receives when connecting to the
That method was fine as a first shot, but we are now fast approaching
the date of October 10th, 2019, which will invalidate the
one-year-validity period of the certificate that IDA relies on.
Does that mean IDA won’t be able to connect to lumina.hex-rays.com?
Yes, it means just that: IDA will receive the certificate from the
server, but even before being able to perform
its own checks, the basic validation performed by the lower-level
) will fail due to the certificate having expired.
Is there a workaround?
Yes. We knew this day would happen since the beginning, and until we
implement a more traditional certificate chain validation (à la web
browser), we have left open the possibility to provide an additional
certificate to IDA, in the form a
How to act?
On October 10th, 2019, if you ever notice that IDA fails to contact
- download hexrays.crt (shasum:
- place it either:
- next to IDA, in IDA’s installation dir, or
%APPDATA%\Hex-Rays\IDA Pro (on Windows), or
~/.idapro (on Linux & OSX)
and you should be good to go.
In the future
In IDA 7.5, we implemented a proper certification chain mechanism (similar
to what browsers do), so this workaround is not necessary
for it or later versions.