Symptoms
- Users are unable to log on. The authentication error displayed to the user is similar to this:
Authentication for user someuser@somedomain.org failed: Unable to create SSO credentials. - When analyzing the log files: in the awingu-worker-smc.service.log file, a similar error can be seen:
2022-11-04 12:55:50.331662 somehost awingu-worker-smc.service[python:15376]: Generating a RSA private key
2022-11-04 12:55:50.368302 somehost awingu-worker-smc.service[python:15376]: ........+++++
2022-11-04 12:55:50.525056 somehost awingu-worker-smc.service[python:15376]: .............................................+++++
2022-11-04 12:55:50.525327 somehost awingu-worker-smc.service[python:15376]: writing new private key to 'private_key.pem'
2022-11-04 12:55:50.525515 somehost awingu-worker-smc.service[python:15376]: -----
2022-11-04 12:55:50.566907 somehost awingu-worker-smc.service[manage.py:1932]: {'errors': ['cannot satisfy request, as TTL would result in notAfter 2022-11-05T12:55:50.563853739Z that is beyond the expiration of the CA certificate at 2022-11-04T20:11:50Z']}
Cause
The Workspace SubCA certificate is about to expire.
The Workspace SubCA issues user certificates with a certain validity period. In this case, it fails because the expiration time of the user certificate would be past its own expiration time.
Resolution
Renew the Workspace SubCA certificate.
How-to: see the admin manual .
Was this article helpful?
Tell us how we can improve it.