Certificate creation, update, and assignment events

Certificate management events found in the audit log.


Event fields

Access Gateway audit log certificate events include the following information:

Field         Description
TIMESTAMP     Current system date and time
HOSTNAME      Hostname of node generating event
APPLICATION   Always ERROR
Subsystem     Always [ XNIO-2 Task-xx]
Message       Associated error message.

Certificate events

Events logged when adding, updating, or assigning certificates. See About Access Gateway Certificates and Certificate management for more information.

Invalid protected web resource value

Description: While adding an application using the Access Gateway Admin UI console, an attempt was made to generate a self-signed certificate based on an invalid Protected web resource file.

Messages:

  • 'value.gateway.info' is not a valid hostname.

Examples:

  • 2020-08-10 15:40:10.938 ERROR 1336 --- [ XNIO-2 task-11] c.okta.oag.web.rest.CertificateResource : 'value.gateway.info' is not a valid hostname.
  • Structured data:
    • None
  • Corrective action:
    • Examine the value of the associated application's Protected web resource and try again.

Missing protected web resource value

Description: While adding an application using the Access Gateway Admin UI console, an attempt was made to generate a self-signed certificate based on an invalid or missing Protected web resource file.

Messages:

  • No value for relayDomain

Examples:

  • 2020-08-10 15:36:49.769 ERROR 1336 --- [ XNIO-2 task-2] c.i.s.web.rest.ExceptionHandlerAdvice : handleExceptions org.springframework.boot.configurationprocessor.json.JSONException: No value for relayDomain
  • Structured data:
    • None
  • Corrective action:
    • Examine the value of the associated application's Protected web resource, correct any errors, and try again.

Can't read certificate

Description: While adding or updating a certificate using the Access Gateway Management console, an invalid certificate was provided.

Messages:

  • Failed to read certificate.

Examples:

  • 2020-08-10 15:42:30.583 ERROR 1336 --- [ XNIO-2 task-11] com.okta.oag.service.CertificateService : Failed to read certificate from file /opt/oag/nginx/ssl//test.crt. Error: /opt/oag/nginx/ssl/test.crt (Permission denied)
    • This event is generated when, while reading certificates, a certificate file lacks read permission.
  • Structured data:
    • None
  • Corrective action:
    • Ensure that the certificate being uploaded is valid and check permissions.

Invalid certificate format

Description: While adding or updating a certificate using the Access Gateway Management console, an invalid certificate was provided.

Messages:

  • Error: Could not parse certificate.

Examples:

  • 2020-08-10 15:41:51.682 ERROR 1336 --- [ XNIO-2 task-11] com.okta.oag.service.CertificateService : Failed parse certificate file /opt/oag/nginx/ssl//test.crt. Error: Could not parse certificate: java.io.IOException: Empty input
    • This event is generated when the certificate file being read is not a valid PEM-format certificate file, that is, a parsing error.
  • Structured data:
    • None
  • Corrective action:
    • Ensure that the certificate being uploaded is valid and try again.
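
The four events above can be picked out of an exported log by matching on their message text. The following is an added example, not code from Okta or Access Gateway: it assumes the line layout shown in the examples on this page, and the names classify, EVENTS, LINE_RE and SAMPLE are hypothetical. The last sample line is constructed.

```python
import re

# Layout from the page's examples: TIMESTAMP LEVEL PID --- [ thread] logger : message
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3})\s+(?P<level>[A-Z]+)\s+"
    r"\d+\s+---\s+\[\s*(?P<thread>[^\]]+)\]\s+(?P<logger>\S+)\s+:\s+(?P<msg>.*)$"
)

# (message pattern, event name, corrective action); names and actions follow the page.
EVENTS = [
    (re.compile(r"'(?P<value>[^']*)' is not a valid hostname"),
     "Invalid protected web resource value",
     "Examine the application's Protected web resource and try again."),
    (re.compile(r"No value for relayDomain"),
     "Missing protected web resource value",
     "Examine the Protected web resource, correct any errors, and try again."),
    (re.compile(r"Failed to read certificate(?: from file (?P<value>\S+)\. Error:)?"),
     "Can't read certificate",
     "Ensure the uploaded certificate is valid and check permissions."),
    (re.compile(r"(?:file (?P<value>\S+)\. Error: )?Could not parse certificate"),
     "Invalid certificate format",
     "Ensure the uploaded certificate is valid and try again."),
]

def classify(line):
    """Return a dict for a documented certificate event, or None."""
    parsed = LINE_RE.match(line.strip())
    if not parsed or parsed["level"] != "ERROR":
        return None
    for pattern, event, action in EVENTS:
        hit = pattern.search(parsed["msg"])
        if hit:
            return {"timestamp": parsed["ts"], "logger": parsed["logger"],
                    "event": event, "value": hit.groupdict().get("value"),
                    "action": action}
    return None  # ERROR line that is not one of the four certificate events

# The page's four example lines, plus one constructed line that must not match.
SAMPLE = [
    "2020-08-10 15:40:10.938 ERROR 1336 --- [ XNIO-2 task-11] c.okta.oag.web.rest.CertificateResource : 'value.gateway.info' is not a valid hostname.",
    "2020-08-10 15:36:49.769 ERROR 1336 --- [ XNIO-2 task-2] c.i.s.web.rest.ExceptionHandlerAdvice : handleExceptions org.springframework.boot.configurationprocessor.json.JSONException: No value for relayDomain",
    "2020-08-10 15:42:30.583 ERROR 1336 --- [ XNIO-2 task-11] com.okta.oag.service.CertificateService : Failed to read certificate from file /opt/oag/nginx/ssl//test.crt. Error: /opt/oag/nginx/ssl/test.crt (Permission denied)",
    "2020-08-10 15:41:51.682 ERROR 1336 --- [ XNIO-2 task-11] com.okta.oag.service.CertificateService : Failed parse certificate file /opt/oag/nginx/ssl//test.crt. Error: Could not parse certificate: java.io.IOException: Empty input",
    "2020-08-10 15:43:00.000 ERROR 1336 --- [ XNIO-2 task-3] c.example.Other : Unrelated failure (constructed)",
]

if __name__ == "__main__":
    for rec in filter(None, map(classify, SAMPLE)):
        print(rec["timestamp"], rec["event"], rec["value"], "->", rec["action"])
```

The value field carries the rejected hostname or the certificate path when the message includes one, which is the detail needed to follow the corrective action.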