Cannot use expired or none existing certificate
Article ID: 245406
Updated On: 07-06-2022
Products
Symantec ZTNA
Issue/Introduction
As an administrator, I am trying to install the Secure Access Cloud (SAC) connector in a Docker container but getting an error message:
time="2022-06-16T13:55:56Z" level=info msg="Creating certificate request" connectorVersion=2.10.5+4078 PID=13
time="2022-06-16T13:55:58Z" level=info msg="Renewing certificate" connectorVersion=2.10.5+4078 PID=13
time="2022-06-16T13:55:59Z" level=error msg="Error while refreshing certificate" connectorVersion=2.10.5+4078 error="Unable to pull new certificate: bad status code: expected 200: got 500" PID=13
time="2022-06-16T13:55:59Z" level=warning msg="Failed to open connection" ApplicationId=control ClientSessionId=xxxxxx-xxxx-xxxx-xxxxxxxxxx Location="wss://luminate-ws.testaccount.luminatesec.com/v1/connector-orchestrator/xxxxxx-xxxx-xxxx-xxxxxxxxxx/control?connector-version=2.10.5%2B4078" connectorVersion=2.10.5+4078 error="Can't use expired or none existing certificate" PID=13
Environment
- Secure Access Cloud
- Dockers Compose
Cause
When a site SAC site is saved, the portal provides a pop-up with a command to be run in dockers. This command contains a one-time passcode (OTP) and it is valid for only 24 hours.
If the command is run after 24 hours, the certificate error shown above will be displayed.
Resolution
You will need to delete this old connector in the SAC portal and create a new one. This new one needs to be deployed within 24 hours.
To delete an outdated docker container, complete the following steps:
- Enter the following command to find the CONTAINER_ID:
docker ps -a
- Run the following command with the appropriate CONTAINER_ID:
Sudo docker rm CONTAINER_ID
For additional information about removing an outdated docker container, refer to the Docker basic commands article.
Additional Information
Reference:
Feedback
Yes
No
Powered by
