Replication Canary Job Fails when Using a Self-Signed SSL Certificate in Pivotal Cloud Foundry



Article ID: 297729


Products

VMware Tanzu Application Service for VMs

Issue/Introduction

Symptoms:

When deploying Pivotal Application Service, you see the following error from the replication canary job:

{"timestamp":"1503955776.123849869","source":"/var/vcap/packages/replication-canary/bin/replication-canary","message":"/var/vcap/packages/replication-canary/bin/replication-canary.uaa-client.fetch-token-from-uaa-start","log_level":1,"data":{"endpoint":{"Scheme":"https","Opaque":"","User":null,"Host":"uaa.run.[host]","Path":"/oauth/token","RawPath":"","ForceQuery":false,"RawQuery":"","Fragment":""},"session":"3"}}

{"timestamp":"1503955776.155642509","source":"/var/vcap/packages/replication-canary/bin/replication-canary","message":"/var/vcap/packages/replication-canary/bin/replication-canary.uaa-client.error-fetching-token","log_level":2,"data":{"error":"Post https://uaa.run.[host]/oauth/token: x509: certificate signed by unknown authority","session":"2"}} 

Environment


Resolution

Pivotal Application Service components enforce strict SSL verification in PCF 1.11 and 1.12. Using a self-signed certificate can lead to the error above.

If you are not using SSL encryption or if you are using self-signed certificates, you can disable SSL verification in the Pivotal Application Service tile configuration. From the Networking section, select Disable SSL certificate verification for this environment. Selecting this check box also disables SSL verification for route services.

For production deployments, Pivotal does not recommend disabling SSL certificate verification.

See the following topics for information about configuring SSL certificates in your Pivotal Application Service deployment: