We have a service behind IHS. Communication between IHS and WLP is encrypted using a self-signed certificate. Unfortunately we forgot to renew this self-signed certificate, causing 500 errors when users hit IHS.

We have observed that the IHS server served traffic even after cert expired (Sept 7 - 1 PM is cert expiry date and time). When requests came in the next day on Sept 8 - IHS started serving 500 errors because cert expired.

Does IHS really validate the date and time of the cert expiry when communicating with the backend, or does it validate only the date of the expiry?

Thanks!

kn9
  • What is the cert expiry and time of failure, both in GMT? TCP and SSL session reuse may delay a full validation for a small amount of time. – covener Sep 11 '21 at 10:54
  • Both in local time. Last known successful was 7 hours after cert expiry time. – kn9 Sep 11 '21 at 11:30

1 Answer

Date and time, but only during a full handshake.

HTTP keepalive and SSL session caching/resumption mean a backend can stay authenticated without revalidating any certificate for a long time, as long as the server is willing and able to resume SSL sessions.

covener
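The behaviour described in the answer above, as a small model (an added example, not part of the original answer and not IHS or Liberty code): a request only hits the `notAfter` check when neither an open keepalive connection nor a resumable TLS session is available. The timeout values, the year, and the request timeline are constructed assumptions.

```python
from datetime import datetime, timedelta

# Assumed timeouts for illustration; real values come from the proxy and backend configuration.
KEEPALIVE_IDLE = timedelta(seconds=30)   # idle time before a persistent connection is closed
SESSION_LIFETIME = timedelta(hours=8)    # how long the backend will resume a cached TLS session

def simulate(not_after, request_times,
             keepalive_idle=KEEPALIVE_IDLE, session_lifetime=SESSION_LIFETIME):
    """Model one proxy-to-backend channel; return (time, path, ok) for each request."""
    results = []
    last_ok = None          # time of the last request served on the open connection
    session_created = None  # time of the full handshake that created the cached session
    for now in request_times:
        if last_ok is not None and now - last_ok <= keepalive_idle:
            path, ok = "keepalive", True   # existing connection, no handshake at all
        elif session_created is not None and now - session_created <= session_lifetime:
            path, ok = "resumed", True     # abbreviated handshake, certificate not re-checked
        else:
            path = "full"
            ok = now <= not_after          # notAfter is compared to the second, not the day
            session_created = now if ok else None
        last_ok = now if ok else None
        results.append((now, path, ok))
    return results

# Constructed timeline: expiry at 13:00 on Sept 7 as in the question (year assumed).
NOT_AFTER = datetime(2021, 9, 7, 13, 0, 0)
SAMPLE_REQUESTS = [
    datetime(2021, 9, 7, 12, 59, 50),  # before expiry
    datetime(2021, 9, 7, 13, 0, 10),   # 10 s after expiry, connection still open
    datetime(2021, 9, 7, 15, 0, 0),    # new connection, cached session 2 h old
    datetime(2021, 9, 7, 20, 0, 0),    # 7 h after expiry, session still resumable
    datetime(2021, 9, 8, 9, 0, 0),     # next day, session too old
]

if __name__ == "__main__":
    for when, path, ok in simulate(NOT_AFTER, SAMPLE_REQUESTS):
        print(when.isoformat(), path, "OK" if ok else "500 (certificate expired)")
```

A cold start one second after expiry fails immediately in this model, which is why restarting either side right after the expiry time surfaces the problem sooner than waiting for sessions to age out.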