The "Invalid PKI object" message indicates that a rule is using a resigning certificate that is no longer available. If the rules become invalid, the appliance will go into bypass mode.
Jan 22 09:38:08 sslmanage Activation request sent to data-plane
Jan 22 09:38:08 ssldata Failed to use RSA internal CA in rule 3 from ruleset 'ruleset1': 0x3b00c82c
Jan 22 09:38:08 ssldata SSLe:Modification [0x3b00c82c;code:44;sub:200] Invalid PKI object
Jan 22 09:38:08 ssldata Failed to parse ruleset associated with segment 'zone1': 0x3b00c82c
This generally means that a certificate used in a rule is no longer available, meaning it has been deleted from the PKI store. Reviewing the rules noted in the log message will show which PKI object is being used.
To correct this issue, delete the rule that is using the old PKI object, then create a new rule that uses either a new PKI object or one that already exists on the appliance.
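To find the affected rule quickly in a larger syslog capture, the following added example (not vendor code) parses the three message types shown in the excerpt above and reports the rule, ruleset and segment involved. It assumes that the entries belonging to one failure share the same hex error code, as they do in the excerpt; the function name and regular expressions are this example's own.

```python
import re

# Log excerpt from the article above, one syslog entry per line.
SAMPLE_LOG = """\
Jan 22 09:38:08 sslmanage Activation request sent to data-plane
Jan 22 09:38:08 ssldata Failed to use RSA internal CA in rule 3 from ruleset 'ruleset1': 0x3b00c82c
Jan 22 09:38:08 ssldata SSLe:Modification [0x3b00c82c;code:44;sub:200] Invalid PKI object
Jan 22 09:38:08 ssldata Failed to parse ruleset associated with segment 'zone1': 0x3b00c82c
"""

RULE_RE = re.compile(
    r"Failed to use (?P<pki_type>.+?) in rule (?P<rule>\d+) "
    r"from ruleset '(?P<ruleset>[^']+)': (?P<err>0x[0-9a-fA-F]+)")
INVALID_RE = re.compile(r"\[(?P<err>0x[0-9a-fA-F]+);[^\]]*\] Invalid PKI object")
SEGMENT_RE = re.compile(
    r"Failed to parse ruleset associated with segment "
    r"'(?P<segment>[^']+)': (?P<err>0x[0-9a-fA-F]+)")


def find_invalid_pki_rules(log_text):
    """Return one finding per rule whose error code is confirmed as 'Invalid PKI object'.

    Assumption: entries for one failure share the hex error code, as in the sample.
    """
    rules, segments, confirmed = [], {}, set()
    for line in log_text.splitlines():
        if m := RULE_RE.search(line):
            rules.append(m.groupdict())          # which rule and ruleset failed
        elif m := INVALID_RE.search(line):
            confirmed.add(m["err"])              # code confirmed as a PKI problem
        elif m := SEGMENT_RE.search(line):
            segments.setdefault(m["err"], []).append(m["segment"])
    return [
        {"rule": int(r["rule"]), "ruleset": r["ruleset"],
         "pki_type": r["pki_type"], "segments": segments.get(r["err"], [])}
        for r in rules if r["err"] in confirmed  # skip failures with other causes
    ]


if __name__ == "__main__":
    for f in find_invalid_pki_rules(SAMPLE_LOG):
        print(f"rule {f['rule']} in ruleset '{f['ruleset']}' references a missing "
              f"{f['pki_type']}; segments with unparsed ruleset: {f['segments']}")
```

Each finding names the rule to delete and recreate, and the segments listed are the ones whose ruleset failed to parse.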
Imported Document ID: 000029483