Certificate creation, update, and assignment events

Certificate management events are found in the audit log and in all logs.

Event fields

Access Gateway audit log certificate events include the following information:

Field         Description
TIMESTAMP     Current system date and time
HOSTNAME      Hostname of node generating event
APPLICATION   Always ERROR
- - -         Always "- - -"
Subsystem     Always [ XNIO-2 Task-xx]
Message       Associated error message.

Certificate events

Events logged when adding, updating, or assigning certificates. This includes both actions on traditional certificates and actions associated with certificate chain authentication. See Certificate use and Manage certificates and certificate chains for more information.

Can't read certificate

Description: While adding or updating a certificate using the Access Gateway Management console, an invalid certificate was provided.

Messages:

  • Failed to read certificate.

Examples:

  • 2020-08-10 15:42:30.583 ERROR 1336 --- [ XNIO-2 task-11] com.okta.oag.service.CertificateService : Failed to read certificate from file /opt/oag/nginx/ssl//test.crt. Error: /opt/oag/nginx/ssl/test.crt (Permission denied)

    This message is generated when a certificate is read and the certificate file lacks read permission.

Structured data:

  • None

Corrective action:

  • Ensure that the certificate being uploaded is valid and check permissions.

Invalid certificate format

Description: While adding or updating a certificate using the Access Gateway Management console, an invalid certificate was provided.

Messages:

  • Error: Could not parse certificate.

Examples:

  • 2020-08-10 15:41:51.682 ERROR 1336 --- [ XNIO-2 task-11] com.okta.oag.service.CertificateService : Failed parse certificate file /opt/oag/nginx/ssl//test.crt. Error: Could not parse certificate: java.io.IOException: Empty input

    This message is generated when the certificate file being read is not a valid PEM-format certificate file, that is, when a parsing error occurs.

Structured data:

  • None

Corrective action:

  • Ensure that the certificate being uploaded is valid and try again.

Invalid protected web resource value

Description: While adding an application using the Access Gateway Admin UI console, an attempt was made to generate a self-signed certificate based on an invalid protected web resource file.

Messages:

  • 'value.gateway.info' is not a valid hostname.

Examples:

  • 2020-08-10 15:40:10.938 ERROR 1336 --- [ XNIO-2 task-11] c.okta.oag.web.rest.CertificateResource : 'value.gateway.info' is not a valid hostname.

Structured data:

  • None

Corrective action:

  • Examine the value of the associated application's protected web resource and try again.

Missing protected web resource value

Description: While adding an application using the Access Gateway Admin UI console, an attempt was made to generate a self-signed certificate based on an invalid or missing protected web resource file.

Messages:

  • No value for relayDomain

Examples:

  • 2020-08-10 15:36:49.769 ERROR 1336 --- [ XNIO-2 task-2] c.i.s.web.rest.ExceptionHandlerAdvice : handleExceptions org.springframework.boot.configurationprocessor.json.JSONException: No value for relayDomain

Structured data:

  • None

Corrective action:

  • Examine the value of the associated application's protected web resource, correct any errors, and try again.

Certificate revocation list settings updated

Description: Settings associated with certificate revocation lists were updated.

Messages:

  • CRL config updated.

Examples:

  • 2020-08-10 15:36:49.769 ERROR 1336 --- [ XNIO-2 task-2] c.i.s.web.rest.ExceptionHandlerAdvice : handleExceptions org.springframework.boot.configurationprocessor.json.JSONException: No value for relayDomain

Structured data:

  • None

Corrective action:

  • None
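
The following added example is not from the original page or from Okta. It parses log lines in the layout of the examples above, labels each line with the matching event from this page, and extracts the certificate file path where the message carries one. The regex group names and the event labels are assumptions of this example.

```python
import posixpath
import re
from datetime import datetime

# Layout of the example lines on this page (group names are this example's own):
# <timestamp> <level> <number> --- [<thread>] <logger> : <message>
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3})\s+(?P<level>[A-Z]+)\s+"
    r"(?P<num>\d+)\s+---\s+\[\s*(?P<thread>[^\]]+?)\s*\]\s+"
    r"(?P<logger>\S+)\s+:\s+(?P<message>.*)$"
)
# Event label (hypothetical names) -> message text from the "Messages"/"Examples" entries.
EVENT_RULES = [
    ("cant_read_certificate", "Failed to read certificate"),
    ("invalid_certificate_format", "Could not parse certificate"),
    ("invalid_protected_web_resource", "is not a valid hostname"),
    ("missing_protected_web_resource", "No value for relayDomain"),
    ("crl_settings_updated", "CRL config updated"),
]
CERT_PATH_RE = re.compile(r"file (?P<path>\S+)\. Error:")

def parse_line(line):
    """Return a dict for one certificate event line, or None if the layout differs."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None  # for example, a stack-trace continuation line
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%d %H:%M:%S.%f")
    rec["event"] = next((n for n, text in EVENT_RULES if text in rec["message"]), "unclassified")
    p = CERT_PATH_RE.search(rec["message"])
    # Collapse the doubled slash seen in the examples so identical files group together.
    rec["cert_path"] = posixpath.normpath(p.group("path")) if p else None
    return rec

def summarize(lines):
    """Count events per label, skipping lines that do not parse."""
    counts = {}
    for rec in filter(None, map(parse_line, lines)):
        counts[rec["event"]] = counts.get(rec["event"], 0) + 1
    return counts

# The first four lines are copied from the examples on this page; the last is constructed.
SAMPLE = [
    "2020-08-10 15:42:30.583 ERROR 1336 --- [ XNIO-2 task-11] com.okta.oag.service.CertificateService : Failed to read certificate from file /opt/oag/nginx/ssl//test.crt. Error: /opt/oag/nginx/ssl/test.crt (Permission denied)",
    "2020-08-10 15:41:51.682 ERROR 1336 --- [ XNIO-2 task-11] com.okta.oag.service.CertificateService : Failed parse certificate file /opt/oag/nginx/ssl//test.crt. Error: Could not parse certificate: java.io.IOException: Empty input",
    "2020-08-10 15:40:10.938 ERROR 1336 --- [ XNIO-2 task-11] c.okta.oag.web.rest.CertificateResource : 'value.gateway.info' is not a valid hostname.",
    "2020-08-10 15:36:49.769 ERROR 1336 --- [ XNIO-2 task-2] c.i.s.web.rest.ExceptionHandlerAdvice : handleExceptions org.springframework.boot.configurationprocessor.json.JSONException: No value for relayDomain",
    "    at example.Constructed.frame(Constructed.java:1)",
]
```

Calling summarize(SAMPLE) returns one count per event label, and parse_line returns None for lines that do not follow the layout, so continuation lines are skipped rather than misclassified.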