All segments are down on the SSL Visibility appliance and the appliance has gone into bypass state.
Article ID: 168922
SSL Visibility Appliance Software
The "Invalid PKI object" message indicates that a rule is using a resigning certificate that is no longer available. If the rules become invalid, the appliance will go into bypass mode.
Jan 22 09:38:08 sslmanage Activation request sent to data-plane
Jan 22 09:38:08 ssldata Failed to use RSA internal CA in rule 3 from ruleset 'ruleset1': 0x3b00c82c
Jan 22 09:38:08 ssldata SSLe:Modification [0x3b00c82c;code:44;sub:200] Invalid PKI object
Jan 22 09:38:08 ssldata Failed to parse ruleset associated with segment 'zone1': 0x3b00c82c
This generally means that a certificate used in a rule is no longer available because it has been deleted from the PKI store. Review the rules noted in the log message to identify which PKI object is being used.
To correct this issue, delete the rule that is using the old PKI object, then create a new rule with a new PKI object or one that already exists on the appliance.
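The log review described above can be scripted when working from an exported syslog file. The following is an added example, not vendor code: it parses lines in the format quoted in this article and reports which rule, ruleset and segment are tied to the "Invalid PKI object" error. The function name and the correlation by the trailing hex error value are assumptions based only on the lines shown here.

```python
import re
from collections import defaultdict

# Log lines copied from this article; any other line format is an assumption.
SAMPLE_LOG = """\
Jan 22 09:38:08 sslmanage Activation request sent to data-plane
Jan 22 09:38:08 ssldata Failed to use RSA internal CA in rule 3 from ruleset 'ruleset1': 0x3b00c82c
Jan 22 09:38:08 ssldata SSLe:Modification [0x3b00c82c;code:44;sub:200] Invalid PKI object
Jan 22 09:38:08 ssldata Failed to parse ruleset associated with segment 'zone1': 0x3b00c82c
"""

RULE_RE = re.compile(
    r"ssldata Failed to use (?P<pki>.+?) in rule (?P<rule>\d+) "
    r"from ruleset '(?P<ruleset>[^']+)': (?P<err>0x[0-9a-fA-F]+)")
INVALID_RE = re.compile(
    r"\[(?P<err>0x[0-9a-fA-F]+);[^\]]*\] Invalid PKI object")
SEGMENT_RE = re.compile(
    r"ssldata Failed to parse ruleset associated with segment "
    r"'(?P<segment>[^']+)': (?P<err>0x[0-9a-fA-F]+)")


def find_invalid_pki_rules(log_text):
    """Return one finding per rule whose failure shares the hex error value
    of an 'Invalid PKI object' line (hypothetical helper, not an SSLV API)."""
    rules = defaultdict(list)      # error value -> [(ruleset, rule, pki)]
    segments = defaultdict(list)   # error value -> [segment names]
    invalid = set()                # error values seen with 'Invalid PKI object'
    for line in log_text.splitlines():
        if m := RULE_RE.search(line):
            rules[m["err"]].append((m["ruleset"], int(m["rule"]), m["pki"]))
        elif m := INVALID_RE.search(line):
            invalid.add(m["err"])
        elif m := SEGMENT_RE.search(line):
            segments[m["err"]].append(m["segment"])
    findings = []
    for err in sorted(invalid):
        for ruleset, rule, pki in rules[err]:
            findings.append({"ruleset": ruleset, "rule": rule,
                             "pki_object": pki, "error": err,
                             "segments": list(segments[err])})
    return findings


if __name__ == "__main__":
    for f in find_invalid_pki_rules(SAMPLE_LOG):
        print(f"ruleset {f['ruleset']!r} rule {f['rule']} references "
              f"{f['pki_object']!r}; affected segments: {f['segments']}")
```

Each finding names the rule to delete and recreate; the PKI object text is whatever the appliance logged between "Failed to use" and "in rule".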