Latest available version: IDA and decompilers v8.1.221006 see all releases
 Login to the shop
Hex-Rays logo State-of-the-art binary code analysis tools
email icon

Intended audience

All users of IDA 7.4 that rely on the Lumina service.

The problem: certificate expiration date on Oct 10th, 2019

IDA 7.4 has a relatively simple method for checking the server certificate that it receives when connecting to the lumina.hex-rays.com host. That method was fine as a first shot, but we are now fast approaching the date of October 10th, 2019, which will invalidate the one-year-validity period of the certificate that IDA relies on.

Does that mean IDA won't be able to connect to lumina.hex-rays.com?

Yes, it means just that: IDA will receive the certificate from the lumina.hex-rays.com server, but even before being able to perform its own checks, the basic validation performed by the lower-level (e.g., libssl) will fail due to the certificate having expired.

Is there a workaround?

Yes. We knew this day would happen since the beginning, and until we implement a more traditional certificate chain validation (à la web browser), we have left open the possibility to provide an additional certificate to IDA, in the form a path/to/ida-install/hexrays.crt file.

How to act?

On October 10th, 2019, if you ever notice that IDA fails to contact the lumina.hex-rays.com host, please: and you should be good to go.

In the future

In IDA 7.5, we implemented a proper certification chain mechanism (similar to what browsers do), so this workaround is not necessary for it or later versions.