ASM script monitors are not working after certificate renewal
search cancel

ASM script monitors are not working after certificate renewal

book

Article ID: 237723

calendar_today

Updated On:

Products

CA App Synthetic Monitor

Issue/Introduction

We replaced an expired cert (issued from DigiCert  CA) with a new certificate and when testing we get the following errors. Please note that the cert (p12 and pem) used for authentication is issued by a private CA. We are encountering following errors.

-96 : pemString not allowed to be null or empty

 

Environment

DX SaaS SYNTHETIC MONITOR 

 

Cause

CA and client certificates are independent in the UI but this change was not reflected in the jmeter agent. Thus, if any of the CA or the client certificate is empty the check fails with an exception from the agent complaining about the missing (empty) certificate.

Resolution

Workaround:

Upload any (public) certificate to the CA field in the ASM UI.

Steps:

1) Copy (or download) the existing client certificate file.

2) There are 3 blocks in that file, one is private and 2 public. Remove 2 of them, keep just one public block and upload this file as a CA file.

3) You can delete the CA certificate from the monitor definition.