SUPPORT / SAMPLES & SAS NOTES
Problem Note 63529: SAS® Viya® microservices repeatedly reissue Transport Layer Security (TLS) certificates
 |  |  |  |  |
Approximately nine months after initial deployment, SAS Viya microservices began repeatedly reissuing their TLS certificates every 30 seconds, resulting in the following messages in the microservice log:
2018-09-24 10:51:59.842 INFO 1177 --- [51:59.793-0400]] c.s.c.rest.boot.vault.CertificateUtil : service [VAULT_CERTIFICATE_FOUND] Found valid SSL certificate in Vault for: localhost
2018-09-24 10:51:59.855 WARN 1177 --- [51:59.793-0400]] c.s.c.rest.boot.vault.CertificateUtil : service [TOMCAT_PAUSE] Pausing tomcat to update the SSL configuration.
2018-09-24 10:51:59.911 INFO 1177 --- [51:59.793-0400]] c.s.c.rest.boot.vault.CertificateUtil : service [TOMCAT_RESUME] Resuming normal tomcat operations after updating SSL configuration.
2018-09-24 10:51:59.913 INFO 1177 --- [51:59.793-0400]] c.s.c.rest.boot.vault.CertificateUtil : service [SSL_CERTIFICATE_REISSUE] The SSL certificate is scheduled to be reissued at 2018-09-24T10:52:29.912-0400
2018-09-24 10:52:29.954 INFO 1177 --- [52:29.912-0400]] c.s.c.rest.boot.vault.CertificateUtil : service [VAULT_CERTIFICATE_FOUND] Found valid SSL certificate in Vault for: localhost
2018-09-24 10:52:29.962 WARN 1177 --- [52:29.912-0400]] c.s.c.rest.boot.vault.CertificateUtil : service [TOMCAT_PAUSE] Pausing tomcat to update the SSL configuration.
2018-09-24 10:52:30.017 INFO 1177 --- [52:29.912-0400]] c.s.c.rest.boot.vault.CertificateUtil : service [TOMCAT_RESUME] Resuming normal tomcat operations after updating SSL configuration.
2018-09-24 10:52:30.017 INFO 1177 --- [52:29.912-0400]] c.s.c.rest.boot.vault.CertificateUtil : service [SSL_CERTIFICATE_REISSUE] The SSL certificate is scheduled to be reissued at 2018-09-24T10:53:00.017-0400
2018-09-24 10:53:00.060 INFO 1177 --- [53:00.017-0400]] c.s.c.rest.boot.vault.CertificateUtil : service [VAULT_CERTIFICATE_FOUND] Found valid SSL certificate in Vault for: localhost
2018-09-24 10:53:00.070 WARN 1177 --- [53:00.017-0400]] c.s.c.rest.boot.vault.CertificateUtil : service [TOMCAT_PAUSE] Pausing tomcat to update the SSL configuration.
2018-09-24 10:53:00.125 INFO 1177 --- [53:00.017-0400]] c.s.c.rest.boot.vault.CertificateUtil : service [TOMCAT_RESUME] Resuming normal tomcat operations after updating SSL configuration.
2018-09-24 10:53:00.125 INFO 1177 --- [53:00.017-0400]] c.s.c.rest.boot.vault.CertificateUtil : service [SSL_CERTIFICATE_REISSUE] The SSL certificate is scheduled to be reissued at 2018-09-24T10:53:30.125-0400
2018-09-24 10:51:59.855 WARN 1177 --- [51:59.793-0400]] c.s.c.rest.boot.vault.CertificateUtil : service [TOMCAT_PAUSE] Pausing tomcat to update the SSL configuration.
2018-09-24 10:51:59.911 INFO 1177 --- [51:59.793-0400]] c.s.c.rest.boot.vault.CertificateUtil : service [TOMCAT_RESUME] Resuming normal tomcat operations after updating SSL configuration.
2018-09-24 10:51:59.913 INFO 1177 --- [51:59.793-0400]] c.s.c.rest.boot.vault.CertificateUtil : service [SSL_CERTIFICATE_REISSUE] The SSL certificate is scheduled to be reissued at 2018-09-24T10:52:29.912-0400
2018-09-24 10:52:29.954 INFO 1177 --- [52:29.912-0400]] c.s.c.rest.boot.vault.CertificateUtil : service [VAULT_CERTIFICATE_FOUND] Found valid SSL certificate in Vault for: localhost
2018-09-24 10:52:29.962 WARN 1177 --- [52:29.912-0400]] c.s.c.rest.boot.vault.CertificateUtil : service [TOMCAT_PAUSE] Pausing tomcat to update the SSL configuration.
2018-09-24 10:52:30.017 INFO 1177 --- [52:29.912-0400]] c.s.c.rest.boot.vault.CertificateUtil : service [TOMCAT_RESUME] Resuming normal tomcat operations after updating SSL configuration.
2018-09-24 10:52:30.017 INFO 1177 --- [52:29.912-0400]] c.s.c.rest.boot.vault.CertificateUtil : service [SSL_CERTIFICATE_REISSUE] The SSL certificate is scheduled to be reissued at 2018-09-24T10:53:00.017-0400
2018-09-24 10:53:00.060 INFO 1177 --- [53:00.017-0400]] c.s.c.rest.boot.vault.CertificateUtil : service [VAULT_CERTIFICATE_FOUND] Found valid SSL certificate in Vault for: localhost
2018-09-24 10:53:00.070 WARN 1177 --- [53:00.017-0400]] c.s.c.rest.boot.vault.CertificateUtil : service [TOMCAT_PAUSE] Pausing tomcat to update the SSL configuration.
2018-09-24 10:53:00.125 INFO 1177 --- [53:00.017-0400]] c.s.c.rest.boot.vault.CertificateUtil : service [TOMCAT_RESUME] Resuming normal tomcat operations after updating SSL configuration.
2018-09-24 10:53:00.125 INFO 1177 --- [53:00.017-0400]] c.s.c.rest.boot.vault.CertificateUtil : service [SSL_CERTIFICATE_REISSUE] The SSL certificate is scheduled to be reissued at 2018-09-24T10:53:30.125-0400
Click the Hot Fix tab in this note for a link to instructions about accessing and applying the software update.
Operating System and Release Information
| Product Family | Product | System | Product Release | SAS Release | ||
| Reported | Fixed* | Reported | Fixed* | |||
| SAS System | SAS Viya | Linux for x64 | 3.3 | 3.5 | ||
| Microsoft Windows Server 2016 | 3.3 | 3.5 | ||||
| Microsoft Windows Server 2012 R2 Std | 3.3 | 3.5 | ||||
| Microsoft Windows Server 2012 R2 Datacenter | 3.3 | 3.5 | ||||