Symantec Virtual Appliance (SVA) import fails with error “Invalid OVA file” in Unified Management Console (UMC) with version Data Center Security (DCS) 6.7 and before.

book

Article ID: 164190

calendar_today

Updated On:

Products

Data Center Security Monitoring Edition Data Center Security Server Data Center Security Server Advanced

Issue/Introduction

When you import the SVA ova file for the first time or to import newer version, the import fails. 

In the UMC interface a red Error bar displays with the text "Invalid OVA file".

In the sis-server.log you also see the error:

[ERROR] [http-bio-4443-exec-3:58] CertPathValidatorException - timestamp check failed

java.security.cert.CertPathValidatorException: timestamp check failed

Cause

DCS 6.7 SVA OVA file is signed with a certificate that will expire in Jan 2017.

During import, this fails validation by the DCS Manager resulting in import failure and above error.

Resolution

Update the DCS database to accept a 5 year validity certificate

  1. Download msde-svacert.sql from this KB article.
  2. Login to system where the DCS database is hosted.
  3. Open command prompt and run below command, this will update DCS database:

sqlcmd –d <DATABASE NAME> -S <SERVER NAME OR IP>\SCSP -i c:\msde-svacert.sql

Example: sqlcmd -d scspdb -S WIN-M01DKIA09PN\SCSP -i c:\msde-svacert.sql

 

Import SVA OVA of 5 year validity

  1. Download latest SVA OVA file from this KB.
  2. Verify it was successfully downloaded completely by checking the MD5.
  3. Login in to UMC then go to Settings -> Integration.
  4. In the Symantec Virtual Appliance section, import the SVA OVA.
    This will import new sva.ova which have certificate validity of 5 years.

Attachments

Symantec_Security_Virtual_Appliance_6.7.0.113_EN.ova get_app
msde-svacert.sql get_app
MD5SUMS.txt get_app