Cannot use expired or none existing certificate

Article ID: 245406


Products

Symantec ZTNA

Issue/Introduction

As an administrator, I am trying to install the Secure Access Cloud (SAC) connector in a Docker container but I am getting an error message:

time="2022-06-16T13:55:56Z" level=info msg="Creating certificate request" connectorVersion=2.10.5+4078 PID=13
time="2022-06-16T13:55:58Z" level=info msg="Renewing certificate" connectorVersion=2.10.5+4078 PID=13
time="2022-06-16T13:55:59Z" level=error msg="Error while refreshing certificate" connectorVersion=2.10.5+4078 error="Unable to pull new certificate: bad status code: expected 200: got 500" PID=13
time="2022-06-16T13:55:59Z" level=warning msg="Failed to open connection" ApplicationId=control ClientSessionId=xxxxxx-xxxx-xxxx-xxxxxxxxxx Location="wss://luminate-ws.testaccount.luminatesec.com/v1/connector-orchestrator/xxxxxx-xxxx-xxxx-xxxxxxxxxx/control?connector-version=2.10.5%2B4078" connectorVersion=2.10.5+4078 error="Can't use expired or none existing certificate" PID=13

Environment

  • Secure Access Cloud
  • Docker Compose

 

Cause

When a SAC site is saved, the portal provides a pop-up with a command to be run in Docker. This command contains a one-time passcode (OTP) and it is valid for only 24 hours.

If the command is run after 24 hours, the certificate error shown above will be displayed.
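To check a connector's log for the two-step failure shown above (certificate pull rejected, then the control connection failing for lack of a certificate), the following is an added example, not vendor code. The function names `sac_otp_expired` and `sample_log` are hypothetical, and the sample lines are taken from the excerpt above and trimmed.

```shell
#!/bin/sh
# Added example (not vendor code). Reads connector log lines on stdin.
# Prints a summary and exits 0 if the failed-enrollment signature is present, else exits 1.
sac_otp_expired() {
    awk '
    # Extract key=value or key="quoted value" from one logfmt line.
    function field(line, key,    v) {
        line = " " line
        if (match(line, " " key "=\"[^\"]*\"")) {
            v = substr(line, RSTART, RLENGTH)
            sub(/^[^"]*"/, "", v); sub(/"$/, "", v)
            return v
        }
        if (match(line, " " key "=[^ ]*")) {
            v = substr(line, RSTART, RLENGTH)
            sub(/^[^=]*=/, "", v)
            return v
        }
        return ""
    }
    {
        err = field($0, "error")
        # Step 1: the certificate request is rejected by the service.
        if (field($0, "level") == "error" && index(err, "Unable to pull new certificate")) {
            pulled = 1; t_pull = field($0, "time")
        }
        # Step 2: with no certificate, the control connection cannot open.
        if (pulled && index(err, "expired or none existing certificate")) {
            hit = 1; t_conn = field($0, "time")
        }
    }
    END {
        if (!hit) exit 1
        printf "enrollment failed: certificate pull rejected %s, control connection failed %s\n", t_pull, t_conn
    }'
}

# Constructed sample: lines from the log excerpt above, trimmed.
sample_log() {
    cat <<'EOF'
time="2022-06-16T13:55:58Z" level=info msg="Renewing certificate" connectorVersion=2.10.5+4078 PID=13
time="2022-06-16T13:55:59Z" level=error msg="Error while refreshing certificate" connectorVersion=2.10.5+4078 error="Unable to pull new certificate: bad status code: expected 200: got 500" PID=13
time="2022-06-16T13:55:59Z" level=warning msg="Failed to open connection" ApplicationId=control connectorVersion=2.10.5+4078 error="Can't use expired or none existing certificate" PID=13
EOF
}

sample_log | sac_otp_expired
# Live use: docker logs CONTAINER_ID 2>&1 | sac_otp_expired
```

A match means the log shows the same sequence as the excerpt in this article; the connector still has to be deleted and recreated in the portal as described under Resolution.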

Resolution

You will need to delete this old connector in the SAC portal and create a new one. This new one needs to be deployed within 24 hours.

To delete an outdated docker container, complete the following steps:

  • Enter the following command to find the CONTAINER_ID:
      docker ps -a
  • Run the following command with the appropriate CONTAINER_ID:
      sudo docker rm CONTAINER_ID

For additional information about removing an outdated docker container, refer to the Docker basic commands article.
