Problem Note 63529: SAS® Viya® microservices repeatedly reissue Transport Layer Security (TLS) certificates
 |  |  |  |  |
Approximately nine months after initial deployment, SAS Viya microservices began repeatedly reissuing their TLS certificates every 30 seconds, resulting in the following messages in the microservice log:
2018-09-24 10:51:59.842 INFO 1177 --- [51:59.793-0400]] c.s.c.rest.boot.vault.CertificateUtil : service [VAULT_CERTIFICATE_FOUND] Found valid SSL certificate in Vault for: localhost
2018-09-24 10:51:59.855 WARN 1177 --- [51:59.793-0400]] c.s.c.rest.boot.vault.CertificateUtil : service [TOMCAT_PAUSE] Pausing tomcat to update the SSL configuration.
2018-09-24 10:51:59.911 INFO 1177 --- [51:59.793-0400]] c.s.c.rest.boot.vault.CertificateUtil : service [TOMCAT_RESUME] Resuming normal tomcat operations after updating SSL configuration.
2018-09-24 10:51:59.913 INFO 1177 --- [51:59.793-0400]] c.s.c.rest.boot.vault.CertificateUtil : service [SSL_CERTIFICATE_REISSUE] The SSL certificate is scheduled to be reissued at 2018-09-24T10:52:29.912-0400
2018-09-24 10:52:29.954 INFO 1177 --- [52:29.912-0400]] c.s.c.rest.boot.vault.CertificateUtil : service [VAULT_CERTIFICATE_FOUND] Found valid SSL certificate in Vault for: localhost
2018-09-24 10:52:29.962 WARN 1177 --- [52:29.912-0400]] c.s.c.rest.boot.vault.CertificateUtil : service [TOMCAT_PAUSE] Pausing tomcat to update the SSL configuration.
2018-09-24 10:52:30.017 INFO 1177 --- [52:29.912-0400]] c.s.c.rest.boot.vault.CertificateUtil : service [TOMCAT_RESUME] Resuming normal tomcat operations after updating SSL configuration.
2018-09-24 10:52:30.017 INFO 1177 --- [52:29.912-0400]] c.s.c.rest.boot.vault.CertificateUtil : service [SSL_CERTIFICATE_REISSUE] The SSL certificate is scheduled to be reissued at 2018-09-24T10:53:00.017-0400
2018-09-24 10:53:00.060 INFO 1177 --- [53:00.017-0400]] c.s.c.rest.boot.vault.CertificateUtil : service [VAULT_CERTIFICATE_FOUND] Found valid SSL certificate in Vault for: localhost
2018-09-24 10:53:00.070 WARN 1177 --- [53:00.017-0400]] c.s.c.rest.boot.vault.CertificateUtil : service [TOMCAT_PAUSE] Pausing tomcat to update the SSL configuration.
2018-09-24 10:53:00.125 INFO 1177 --- [53:00.017-0400]] c.s.c.rest.boot.vault.CertificateUtil : service [TOMCAT_RESUME] Resuming normal tomcat operations after updating SSL configuration.
2018-09-24 10:53:00.125 INFO 1177 --- [53:00.017-0400]] c.s.c.rest.boot.vault.CertificateUtil : service [SSL_CERTIFICATE_REISSUE] The SSL certificate is scheduled to be reissued at 2018-09-24T10:53:30.125-0400
2018-09-24 10:51:59.855 WARN 1177 --- [51:59.793-0400]] c.s.c.rest.boot.vault.CertificateUtil : service [TOMCAT_PAUSE] Pausing tomcat to update the SSL configuration.
2018-09-24 10:51:59.911 INFO 1177 --- [51:59.793-0400]] c.s.c.rest.boot.vault.CertificateUtil : service [TOMCAT_RESUME] Resuming normal tomcat operations after updating SSL configuration.
2018-09-24 10:51:59.913 INFO 1177 --- [51:59.793-0400]] c.s.c.rest.boot.vault.CertificateUtil : service [SSL_CERTIFICATE_REISSUE] The SSL certificate is scheduled to be reissued at 2018-09-24T10:52:29.912-0400
2018-09-24 10:52:29.954 INFO 1177 --- [52:29.912-0400]] c.s.c.rest.boot.vault.CertificateUtil : service [VAULT_CERTIFICATE_FOUND] Found valid SSL certificate in Vault for: localhost
2018-09-24 10:52:29.962 WARN 1177 --- [52:29.912-0400]] c.s.c.rest.boot.vault.CertificateUtil : service [TOMCAT_PAUSE] Pausing tomcat to update the SSL configuration.
2018-09-24 10:52:30.017 INFO 1177 --- [52:29.912-0400]] c.s.c.rest.boot.vault.CertificateUtil : service [TOMCAT_RESUME] Resuming normal tomcat operations after updating SSL configuration.
2018-09-24 10:52:30.017 INFO 1177 --- [52:29.912-0400]] c.s.c.rest.boot.vault.CertificateUtil : service [SSL_CERTIFICATE_REISSUE] The SSL certificate is scheduled to be reissued at 2018-09-24T10:53:00.017-0400
2018-09-24 10:53:00.060 INFO 1177 --- [53:00.017-0400]] c.s.c.rest.boot.vault.CertificateUtil : service [VAULT_CERTIFICATE_FOUND] Found valid SSL certificate in Vault for: localhost
2018-09-24 10:53:00.070 WARN 1177 --- [53:00.017-0400]] c.s.c.rest.boot.vault.CertificateUtil : service [TOMCAT_PAUSE] Pausing tomcat to update the SSL configuration.
2018-09-24 10:53:00.125 INFO 1177 --- [53:00.017-0400]] c.s.c.rest.boot.vault.CertificateUtil : service [TOMCAT_RESUME] Resuming normal tomcat operations after updating SSL configuration.
2018-09-24 10:53:00.125 INFO 1177 --- [53:00.017-0400]] c.s.c.rest.boot.vault.CertificateUtil : service [SSL_CERTIFICATE_REISSUE] The SSL certificate is scheduled to be reissued at 2018-09-24T10:53:30.125-0400
Click the Hot Fix tab in this note for a link to instructions about accessing and applying the software update.
Operating System and Release Information
| Product Family | Product | System | Product Release | SAS Release | ||
| Reported | Fixed* | Reported | Fixed* | |||
| SAS System | SAS Viya | Linux for x64 | 3.3 | 3.5 | ||
| Microsoft Windows Server 2016 | 3.3 | 3.5 | ||||
| Microsoft Windows Server 2012 R2 Std | 3.3 | 3.5 | ||||
| Microsoft Windows Server 2012 R2 Datacenter | 3.3 | 3.5 | ||||
An update for this issue is available for SAS Viya 3.4. For instructions on how to access and apply software updates, see the Updating Your SAS Viya software section in the SAS Viya 3.4 for Linux Deployment Guide at
http://documentation.sas.com/?softwareId=administration&softwareVersion=3.4&softwareContextId=softwareUpdates| Type: | Problem Note |
| Priority: | high |
| Date Modified: | 2019-01-23 10:35:24 |
| Date Created: | 2019-01-22 15:44:59 |