Layer7 API Management

  • 1.  Certificate Not Verified After Restart?!

    Posted Jun 27, 2018 09:49 AM

    Wondering if anyone has run into this... I noticed that outbound calls to services under SSL began failing after a restart. I checked the certificate store (through Policy Manager) and the cert was still registered and up to date. Removing and re-applying the certificate fixed the problem, but it's not expected behavior. Any hints?

    My logs show:

    Problem routing to ***** Certificate not verified. Caused by: Certificate ****** path validation and/or revocation checking failed

    Why would a restart cause this behavior?

    Thanks,

    Alejandro



  • 2.  Re: Certificate Not Verified After Restart?!
    Best Answer

    Broadcom Employee
    Posted Jul 03, 2018 07:54 PM

    Dear acalbazana,

    You may start from this KB article:

    Certificate-Related Errors in Audits and Logs of t - CA Knowledge

    Just a guess: when a certificate (or other entity/object) is used often, it might be cached in memory. The change in Policy Manager might not apply immediately due to the cache. After you restart ssg, the change will 100% take effect. Therefore, your case might be due to a change on the certificate which would cause the problem, but it didn't take effect (therefore you didn't know it) until you restarted ssg.

    Restarting ssg should not change the certificate; it just reloads the certificate from the database, so the change must be done before restart.

    Regards,

    Mark