Intended audience

All IDA users that rely on the Lumina service.

The problem: certificate expiration date on Oct 10th, 2019

IDA has a relatively simple method for checking the server certificate that it receives when connecting to the lumina.hex-rays.com host.

That method was fine as a first shot, but we are now fast approaching the date of October 10th, 2019, which will invalidate the one-year-validity period of the certificate that IDA relies on.

Does that mean IDA won't be able to connect to lumina.hex-rays.com?

Yes, it means just that: IDA will receive the certificate from the lumina.hex-rays.com server, but even before being able to perform its own checks, the basic validation performed by the lower-level (e.g., libssl) will fail due to the certificate having expired.

Is there a workaround?

Yes. We knew this day would happen since the beginning, and until we implement a more traditional certificate chain validation (à la web browser), we have left open the possibility to provide an additional certificate to IDA, in the form a path/to/ida-install/hexrays.crt file.

How to act?

On October 10th, 2019, if you ever notice that IDA fails to contact the lumina.hex-rays.com host, please:

and you should be good to go.

In the future

We intend to implement a proper certification chain mechanism (similar to what browsers do), which is considerably more flexible, but that will be for a later version of IDA. The existing installations will need to use the provided certificate file as a workaround.