ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

ASM script monitors are not working after certificate renewal


Article ID: 237723


Updated On:


CA App Synthetic Monitor


We replaced an expired cert (issued from DigiCert  CA) with a new certificate and when testing we get the following errors. Please note that the cert (p12 and pem) used for authentication is issued by a private CA. We are encountering following errors.

-96 : pemString not allowed to be null or empty


It seems like there is a issue within the current jmeter agent that causes this problem. We've separated the CA and client certificates in the UI (now they are independent) but this change was not reflected in the jmeter agent. Thus, if any of the CA or the client certificate is empty the check fails with an exception from the agent complaining about the missing (empty) certificate.


Release : SAAS



Fix for the issue:

We have fixed this issue and it will be included in the next hotfix. (No ETA on the hotfix yet).

Workaround for the issue:

For now, you can fix the problem by uploading any (public) certificate to the CA field. Best option is to copy (or download) the existing client certificate file. There are 3 blocks in that file, one is private and 2 public. Remove 2 of them, keep just one public block and upload this file as a CA file. This will fix the issue. Once the bug is fixed you can delete the CA certificate from the monitor definition.