Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

Device Certificate - Where to find OTP?

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Device Certificate - Where to find OTP?

L4 Transporter

Under Device -> Setup -> Management -> Device Certificate, I am unable to fetch the device certificate.

 

A message box says get your one-time-password from the Customer Support Portal and enter it below.  I tried my 2-factor OTP that I use to login to the support portal, but that doesn't work.  How do I generate the OTP to get the device certificate?

 

I get the error: Failed to fetch device certificate.OTP is not valid

23 REPLIES 23

L0 Member

I recently installed the device certificate and it is valid only for 3 months. Do I have to install it in every 3 months?

Mine last renewed at 4:52am, so I think it is automatic.

I still don't completely understand this.

 

We upgraded to 9.1.4 and now we're required to allow telemetry data to PA?

Or accept a constant high alert in the system logs: no valid device certificate found.

Why not allow customers to opt-in to this kind of functionality or at least explain this in a popup screen like a reminder:

"you need to configure this post-upgrade, etc. or opt-out see: "explanation here  and here"

You are not required to allow telemetry.

 

You can turn it all off on the Device > Setup > Telemetry page. 

 

Telemetry does provide some significant security benefits to individual organizations, and collectively back to the community as a whole.

 

One use case: In the escalating arms race of automation on the attacker side of the equation and as we, in turn, continue to work on the practical applications of automation and AI, your telemetry data can, for example, enable us, the vendor, to initiate immediate, focused, and direct outreach in the event of corner-case configurations that are discovered to be uniquely vulnerable and/or actively in the spotlight of bad actors. Without individual and community-wide participation, certain kinds of detections, assessments, and mitigations, of course, become impossible to make. Hand in hand, the ability to process, store, and apply intelligence to such telemetry data requires data-lake-scale solutions, but not at the expense of assurances of the integrity of the connections to that resource and the integrity and context of the data itself. Thus, the additional requirement for connecting to the data-lake service with the added certificate. 

 

I hope this makes some sense. 

I understand I am not required to allow telemetry. That is not my concern in this.

After the upgrade to 9.1.2+ a high/red alert is repeatedly shown in the system logs that telemetry is simply not configured and cannot be used until, according to the procedure, the certificates are in place.

If anyone is not required to allow telemetry why didn't they choose to:

- Make enabling telemetry participation an opt-in feature, or

- Add a more intuitive notification AND alert (informational): "Telemetry is not configured. Please see manual how to enable it."

 

Just adding a high alert to the system logs, because a new feature is not configured is unnecessary and created some confusion.

Missing/faulty/expired certificates is typically a bad thing and often does need immediate attention. In this case it does not.

L3 Networker

Do we need to renew the certificate every 3 months ??

 

I would also like to know that. We have devices with expired certificates which do not auto-renew. We get error: Failed to renew device certificate. Failed to send request to CSP server. Error: No OCSP response received(dest => 35.238.43.180).

L1 Bithead

Did the OTP page move? I am not seeing a one time password area under assets.

L0 Member

Take a look under Products -> Device Certificates

  • 47559 Views
  • 23 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!