Launching soon: The world's first vendor agnostic bug scrubLearn more & join waitlist
OPERATIONAL DEFECT DATABASE
...
...
You cannot gain console access to the UAGA browser error similar to "You can't visit uag.fqdn.domain right now because the certificate has been revoked. Network errors and Attacks are usually temporary, so this page will probably work later."
This KB is to outline a scenario where you cannot gain access to the administrative console of the UAG appliance and recovery is needed.
Network and browser errors tend to be transient. Please ensure these causes are ruled out before proceeding with Recovery. Potential Causes: Revocation by the Certificate Authority (CA): The most common reason for a certificate error "ERR_CERT_REVOKED" is that the certificate has been revoked by the CA. This can happen if the certificate was issued incorrectly, if the private key was compromised, or if the certificate holder no longer needs the certificate. Certificates can also be accidentally revoked due to simple administrative error. Expired certificate: Another reason for a certificate error "ERR_CERT_REVOKED" is that the certificate has expired. Certificates have a limited lifespan, and if the certificate is not renewed before it expires, it will no longer be valid.Incorrect certificate installation: If the certificate is not installed correctly, it can cause a certificate error"ERR_CERT_REVOKED". This can happen if the certificate is installed on the wrong server or if the certificate is not installed in the correct format. Network issues: Network issues can also cause a certificate error "ERR_CERT_REVOKED". This can happen if the network connection is unstable or if there is a problem with the DNS server. Browser issues: Sometimes, the browser itself can cause a certificate error "ERR_CERT_REVOKED". This can happen if the browser is outdated or if there is a problem with the browser settings.
Note: If your configuration is documented or you have the ini file from deployment backed up, redeployment of the UAG can be a viable alternative to this process. For more information on deploying a new or fresh instance of UAG, please refer to the article Unified Access Gateway(UAG): How to Deploy and Configure for Horizon View (78420). This article provides a step-by-step guide to deploying and configuring UAG for Horizon View. 1. Ensure you have appropriate access to the console or an SSH session to the appliance: Photon O/S documentation for enabling SSH: Permitting Root Login with SSH 2. Take an appropriate backup of the UAG before attempting any changes. 3. Navigate to the following location on your UAG appliance shell root@UAG [ ~ ]# cd /opt/vmware/gateway/certs/ 4. Within this directory, you will find two files: root@UAG1 [ /opt/vmware/gateway/certs ]# ls admin_accesspoint.jkadmin_accesspoint.jk.pw 5. Back up these files using a suitable method such as an SFTP client or file transfer tool like WinSCP.6. Delete these 2 files only. Note that this is a destructive command, and care and attention are required when executing it. root@UAG1 [ /opt/vmware/gateway/certs ]# rm admin_accesspoint.jk root@UAG1 [ /opt/vmware/gateway/certs ]# rm admin_accesspoint.jk.pw 7. Restart the Unified Access Gateway (UAG)
This is a child article of Unified Access Gateway(UAG): Certificate Configuration and Troubleshooting(91732)