Resolving certificate errors

When a certificate is in an errored state you will see a warning banner at the top of the Certificate details page.

There are many reasons why a certificate might be in error. For example, maybe the Certificate Authority template may have been misconfigured, or the certificate authority server may have been down. Once the underlying issue is resolved, you can use TLS Protect to continue the process. In general, you will be able to take action on an errored certificate if your user account has the following permissions:

  • View
  • Write

There are several ways to resolve the error, depending on the specific error.

On the first line of the banner, you see the type of error. Error types include:

  • Renewal Error
  • Enrollment Error
  • Installation Error
  • Revoked

The second line shows the specific error message. This information will help you determine how to proceed.

The steps to correct the error depend on whether the error is due to an issue within a certificate or not. Two typical actions to resolve issues are:

  • Cancel the request. If you need to make changes to the request itself, either because information is missing or is invalid, you must cancel the process, fix the issue, then resubmit the request.

    For example, you may need to provide a missing certificate authority, fix a duplicate private key, etc. Once you have addressed the underlying data problem, you will resubmit the request which will also kick of any necessary approvals.

  • Retry the request. If the problem encountered was temporary in nature, and not related to the data in the request, you have the option to retry the request. :

    Some errors are not data problems. For example, you may have experienced a network outage, or the certificate authority may have been unavailable when the original request was processed. In these cases, where no data change is necessary, you can simply retry the request after the issue is resolved.

EXAMPLE  In the image above, the specific error message is "Missing Certificate Authority, unable to process." To resolve this error, you would click Actions > Cancel the Renewal, then open the certificate and add a certificate authority, then start the renewal process again by clicking Actions > Renew Now.

The Action button allows you to easily attempt to resolve the issue. The action button options will depend on the type of current process that was being attempted, and will change, depending on the specific error message, as well as your account's permissions relative to the certificate.

If you click the cancel action, a window shows information related to what will happen if you cancel the pending action. You must click Yes, Cancel Request to finalize the action.