Why parts of the OO (Operations Orchestration) application continue working if the certificate expired

  • KM03241430
  • 06-Sep-2018
  • 06-Sep-2018

This document has not been formally reviewed for accuracy and is provided "as is" for your convenience.

Summary

OO Certificate Functionality Facts

Question

Why do parts of the OO application continue working if the certificate has expired?

Answer

Why did parts of the application continue working if the certificate expired?

Normally, when the certificates are not working, very few things work: Tomcat will run, but browser access will be blocked by the browser because of the invalid (expired) certificate, or any request to OO will get an SSL handshake exception.
When you renewed the certificate with the CA root one, *all was working, except execution*.

Why was it working for the rest? Because you have a new, valid certificate that you present to all other parties. The key.store from which the certificate is presented contains a good certificate. Why should there be any problem?

Why does only execution not work? Because the workers (internal or external) need to trust the Central to which they are connecting (they connect through the mgmt.url, and even though that is HTTP, it still redirects through HTTPS internally for this request). Once you add this CA root certificate to central/var/security/client.truststore (for the internal worker) or /ras/var/security/client.truststore (for the external RAS), all is fine.

On the other hand, FIPS relates only to the level of encryption, the algorithms, and the security providers (cryptographic modules) that Java uses to encrypt everything that needs to be secured.
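
The truststore step described above can be checked and applied idempotently. The following is an added example, not code from the vendor or the original article: it matches the CA root by SHA-256 fingerprint before importing it into a client.truststore. It assumes `keytool` is on the PATH and the truststore password is exported as `TRUSTSTORE_PASS`; the function names, the alias and the file name `ca-root.crt` are hypothetical.

```shell
#!/bin/sh
# Added example (not vendor code). Assumes keytool is on PATH and the
# truststore password is exported as TRUSTSTORE_PASS, so it is passed with
# -storepass:env and never appears in the process list.
# Usage (ca-root.crt and the alias are placeholders):
#   import_ca_if_missing central/var/security/client.truststore ca-root.crt ca-root

# Print the SHA-256 fingerprint of a certificate file (PEM or DER).
cert_fingerprint() {
    keytool -printcert -file "$1" 2>/dev/null |
        sed -n 's/^[[:space:]]*SHA256: *//p' | head -n 1
}

# Return 0 if the truststore ($1) already holds the certificate ($2),
# matched by fingerprint rather than by alias (aliases are arbitrary).
truststore_has_cert() {
    fp=$(cert_fingerprint "$2")
    [ -n "$fp" ] || return 2            # certificate file unreadable
    keytool -list -v -keystore "$1" -storepass:env TRUSTSTORE_PASS 2>/dev/null |
        grep -qF "$fp"
}

# Import the CA root ($2) under alias ($3) only if it is missing,
# keeping a backup copy of the existing truststore first.
import_ca_if_missing() {
    rc=0
    truststore_has_cert "$1" "$2" || rc=$?
    case $rc in
        0) echo "already trusted in $1"; return 0 ;;
        1) ;;                           # not present: fall through to import
        *) echo "cannot read certificate $2" >&2; return 1 ;;
    esac
    if [ -f "$1" ]; then cp -p "$1" "$1.bak" || return 1; fi
    keytool -importcert -noprompt -trustcacerts -alias "$3" -file "$2" \
        -keystore "$1" -storepass:env TRUSTSTORE_PASS
}
```

Run it once against the Central truststore and once against each external RAS truststore, since each worker validates Central's certificate against its own client.truststore.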