Wiki source code of Expiring Certificates
Last modified by Danniar Firdausy on 2024/09/05 12:51
Show last authors
| author | version | line-number | content |
|---|---|---|---|
| 1 | {{container}}{{container layoutStyle="columns"}}((( | ||
| 2 | This document will use the actual root cause analysis information to make a generic view that can be used if you run into the same or similar problem. Finally, the document will describe the situation, the problem, the analysis, and the result. | ||
| 3 | |||
| 4 | Should you have any questions, please get in touch with [[academy@emagiz.com>>mailto:academy@emagiz.com]]. | ||
| 5 | |||
| 6 | == 1. Situation == | ||
| 7 | |||
| 8 | The user was confronted with errors on the flow level, and a previously working connection to an external system suddenly broke down. In these instances, the user got errors indicating a [[certificate>>doc:Main.eMagiz Academy.Microlearnings.Novice.Securing Data Traffic.novice-securing-your-data-traffic-sending-certificates-to-a-webservice.WebHome||target="blank"]] problem (i.e. validity check failed). | ||
| 9 | |||
| 10 | == 2. Problem == | ||
| 11 | |||
| 12 | In this case, the problem is a user confronted with an expired certificate regarding communication with an external party. Sometimes, this is the SSL certificate (that provides the S in HTTPS), and sometimes, this is the client certificate; regardless of the type of certificate, it needs to be replaced by a certificate that is not expired. | ||
| 13 | |||
| 14 | == 3. Analysis == | ||
| 15 | |||
| 16 | === 3.1 Reproduction === | ||
| 17 | |||
| 18 | Given that it was an immediate problem in Production, there was not much time to reproduce the issue. So we hunted down the certificate, which you can do by asking the external party or, in case of an HTTPS connection, by opening the endpoint in the browser and clicking on the icon in front of the address, as shown below. Once you have the new certificate, it becomes a matter of updating the existing resource with the new certificate and redeploying the solution. Depending on the type of resource used, you can either overwrite the resource (i.e., P12) or you first need to create a [[JKS>>doc:Main.eMagiz Academy.Microlearnings.Intermediate Level.Securing Data Traffic.intermediate-securing-your-data-traffic-creating-a-jks||target="blank"]] including the new certificate before replacing the resource. | ||
| 19 | |||
| 20 | {{warning}}Always replace the resource and do not add a new resource as that can cause other configuration mistakes{{/warning}} | ||
| 21 | |||
| 22 | [[image:Main.Images.RCA-Knowledgebase.WebHome@rca-knowledgebase-expiring-certificates--check-ssl-certificate-chain.png]] | ||
| 23 | |||
| 24 | === 3.2 Analysis === | ||
| 25 | |||
| 26 | By checking the current resource(s) in your flow, you can determine whether the certificate(s) are expired by opening them with the help of external tooling such as Keystore Explorer. | ||
| 27 | |||
| 28 | == 4. Result == | ||
| 29 | |||
| 30 | After updating the resources in the flow to reflect the new certificate(s), the connection between eMagiz and the external party was established again. | ||
| 31 | |||
| 32 | == 5. Suggested Additional Readings == | ||
| 33 | |||
| 34 | * [[Novice (Menu)>>doc:Main.eMagiz Academy.Microlearnings.Novice.WebHome||target="blank"]] | ||
| 35 | ** [[Securing Data Traffic (Navigation)>>doc:Main.eMagiz Academy.Microlearnings.Novice.Securing Data Traffic.WebHome||target="blank"]] | ||
| 36 | *** [[What are certificates (Explanation)>>doc:Main.eMagiz Academy.Microlearnings.Novice.Securing Data Traffic.novice-securing-your-data-traffic-what-are-certificates.WebHome||target="blank"]] | ||
| 37 | *** [[Sending certificates to a webservice (Explanation)>>doc:Main.eMagiz Academy.Microlearnings.Novice.Securing Data Traffic.novice-securing-your-data-traffic-sending-certificates-to-a-webservice.WebHome||target="blank"]] | ||
| 38 | * [[Intermediate (Menu)>>doc:Main.eMagiz Academy.Microlearnings.Intermediate Level.WebHome||target="blank"]] | ||
| 39 | ** [[eMagiz Cloud Management (Navigation)>>doc:Main.eMagiz Academy.Microlearnings.Intermediate Level.eMagiz Cloud Management.WebHome||target="blank"]] | ||
| 40 | *** [[Certificates (Explanation)>>doc:Main.eMagiz Academy.Microlearnings.Intermediate Level.eMagiz Cloud Management.intermediate-emagiz-cloud-management-certificates||target="blank"]] | ||
| 41 | ** [[Active Monitoring (Navigation)>>doc:Main.eMagiz Academy.Microlearnings.Intermediate Level.REST Connectivity.WebHome||target="blank"]] | ||
| 42 | *** [[Sending certificates to a REST web service (Explanation)>>doc:Main.eMagiz Academy.Microlearnings.Intermediate Level.REST Connectivity.intermediate-rest-webservice-connectivity-certificates-when-calling-a-rest-webservice||target="blank"]] | ||
| 43 | ** [[Securing Data Traffic (Navigation)>>doc:Main.eMagiz Academy.Microlearnings.Intermediate Level.Securing Data Traffic.WebHome||target="blank"]] | ||
| 44 | *** [[Creating a JKS (Explanation)>>doc:Main.eMagiz Academy.Microlearnings.Intermediate Level.Securing Data Traffic.intermediate-securing-your-data-traffic-creating-a-jks||target="blank"]] | ||
| 45 | * [[Certificates (Search Result)>>url:https://docs.emagiz.com/bin/view/Main/Search?sort=score&sortOrder=desc&highlight=true&facet=true&r=1&f_space_facet=0%2FMain.&f_type=DOCUMENT&f_locale=en&f_locale=&f_locale=en&text=%22certificates%22||target="blank"]] | ||
| 46 | |||
| 47 | )))((({{toc/}}))){{/container}}{{/container}} |