Strata Logging Service connection in Panorama UI shows "Unable to connect to API gateway. (56, 'OpenSSL SSL_read: error:xxxxx:SSL routines:ssl3_read_bytes:sslv3 alert certificate expired, errno 0')".

Strata Logging Service connection in Panorama UI shows "Unable to connect to API gateway. (56, 'OpenSSL SSL_read: error:xxxxx:SSL routines:ssl3_read_bytes:sslv3 alert certificate expired, errno 0')".

5008
Created On 07/01/24 02:48 AM - Last Modified 08/23/24 07:33 AM


Symptom


  • Strata Logging Service connection in Panorama UI shows "Unable to connect to API gateway. (56, 'OpenSSL SSL_read: error:xxxxx:SSL routines:ssl3_read_bytes:sslv3 alert certificate expired, errno 0')".
GUI: Panorama > Cloud Services > Status menu > Status tab > Strata Logging Service
strata_logging_service_error
 

Environment


  • Panorama managed Prisma Access
  • Strata Logging Service(Previously Cortex Data Lake)

Cause


  • Panorama does not have a valid certificate.
  • Using "show device-certificate status" displays the expired certificate.
> show device-certificate status

Device Certificate information:
Current device certificate status: Expired
Not valid before: 2024/03/23 22:57:29 JST
Not valid after: 2024/06/21 22:57:28 JST
Last fetched timestamp: 2024/03/23 23:07:29 JST
Last fetched status: success
Last fetched info: Successfully fetched Device Certificate

Resolution


  1. Replace the expired device certificate. Procedures are here.
  2. Delete the license and certificate.
  3. Create a new certificate with the new one-time password (OTP). This will also create a new certificate.
  4. Follow the procedure documented at "Reset Your Panorama Managed Prisma Access License".
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000HDTHCA4&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language