search cancel

ASM script monitors are not working after certificate renewal

book

Article ID: 237723

calendar_today

Updated On:

Products

CA App Synthetic Monitor

Issue/Introduction

We replaced an expired cert (issued from DigiCert  CA) with a new certificate and when testing we get the following errors. Please note that the cert (p12 and pem) used for authentication is issued by a private CA. We are encountering following errors.

-96 : pemString not allowed to be null or empty

Cause

It seems like there is a issue within the current jmeter agent that causes this problem. We've separated the CA and client certificates in the UI (now they are independent) but this change was not reflected in the jmeter agent. Thus, if any of the CA or the client certificate is empty the check fails with an exception from the agent complaining about the missing (empty) certificate.

Environment

Release : SAAS

Component : APP SYNTHETIC MONITOR ENVIRONMENTAL

Resolution

Fix for the issue:

We have fixed this issue and it will be included in the next hotfix. (No ETA on the hotfix yet).

Workaround for the issue:

For now, you can fix the problem by uploading any (public) certificate to the CA field. Best option is to copy (or download) the existing client certificate file. There are 3 blocks in that file, one is private and 2 public. Remove 2 of them, keep just one public block and upload this file as a CA file. This will fix the issue. Once the bug is fixed you can delete the CA certificate from the monitor definition.

Attachments