0

I have a Client code relying on Jboss 5.1 which uses self signed certificates for connecting to credit card servers over HTTPS. Certificate expired on 03-13-2015 9:55 AM and it got replaced the following day around 8:00 PM.

This is relatively simple fix but the strange one we noted is the we had certain number of requests (around 600) successfully passed to credit card servers between 03-13-2015 9:55 AM - 04-13-2015 9:55 AM and then none of the requests were successful since then until the fix for certificates were applied.

Did any one come across this scenario who can help me find the root cause of this ?

smhvrtyj
  • 1

1 Answers1

0

... Certificate expired on 03-13-2015 9:55 AM

.. successfully passed to credit card servers between 03-13-2015 9:55 AM - 04-13-2015 9:55 AM

The expiration of the servers certificate is checked against the local time on the client. The simplest explanation thus is that these clients had the clock on their system off by exactly one day.

Community
  • 1
Steffen Ullrich
  • 13,227
  • 27
  • 39
  • Verified the time on both servers, both are equal. Just in case if your find this information useful, there are X front end servers which sends requests to the server which is hosting the services before sending the request to the credit card servers. – smhvrtyj Mar 16 '15 at 22:01
  • If these are always the same clients than it might be that they still use the same HTTPS connection to send the requests, i.e. HTTP keep-alive. The certificate is only checked once at the beginning of the connection. – Steffen Ullrich Mar 17 '15 at 05:21
  • 1
    Another option would be that the relevant processes run with a different timezone setting compared to the systems local time. There are various ways to achieve this in UNIX systems, like setting the TZ variable. – Steffen Ullrich Mar 17 '15 at 05:53