PingIntelligence

Troubleshooting mismatch of self-signed certificates

If the ASE certificate is changed after the deployment of PingIntelligence policy and it doesn’t match with the certificate present in the ase.pem certificate file, you might encounter SSL related issues.

About this task

To resolve these issues:

Steps

  1. Undeploy the PingIntelligence policy by following either of the two options as applicable:

    Choose from:

  2. To obtain the correct certificate to match what’s in the ase.pem file, run the following command.

    # openssl s_client -showcerts -connect <ASE IP address>:<port no> </dev/null 2>/dev/null | openssl x509 -outform PEM > ase.pem
  3. Paste the correct certificate in the/opt/pingidentity/pi/apigee/certs/ase.pem file.

  4. Redeploy the PingIntelligence policy by following either of the two options as applicable:

    Choose from: