SSLV interface went down once ruleset are being imported from another box. Checked from var/log/messages and the following was found
Dec 1 06:34:20 abc123 sslmanage: ? Activation request sent to data-plane
Dec 1 06:34:20 abc123 ssldata: # Failed to activate default RSA internal CA in ruleset 'ruleset1': 0x3b00c82c
Dec 1 06:34:20 abc123 ssldata: # Failed to parse ruleset associated with segment 'zone1': 0x3b00c82c
Dec 1 06:34:20 abc123 ssldata: # Rule parser: failure:SSLe:Modification [0x3b00c82c;code:44;sub:200] Invalid PKI object
Dec 1 06:34:20 abc123 ssldata: ! Deactivate (Activation failure):SSLe:Modification [0x3b00c82c;code:44;sub:200] Invalid PKI object
Checked that one of the rule is point to an unknown CA under "Default RSA and EC Internal Certificate Authority". There were also a Decrypt (Resign Certificate) rule which the "RSA Resigning CA" had a empty value.
Interface came back up once the ruleset and decrypt rule is pointed to the correct CA
Imported Document ID: 000029178
Subscribing will provide email updates when this Article is updated. Login is required.
Thanks for your feedback. Let us know if you have additional comments below. (requires login)
Subscribed to the Article.
Unable to subscribe
Thanks for your additional feedback !!!
Enterprise Support Virtual Agent
Rate Me :
Tell us more:
Welcome! My name is Sami, the Enterprise Support Virtual Agent answering technical support questions.