SSL Certificate Renewal is delayed

Incident Report for ISO ClaimSearch

Postmortem

RETROSPECTIVE SUMMARY:

Incident date: 25th March 10:21 PM

Resolution date: 25th March 11:26 PM

Retrospective date: 27th March.

CUSTOMER IMPACT: Delay in the claims process by an hour.

ROOT CAUSE: On March 25th, the certificate for the domain ccacts.iso.com expired. The ACM was unable to renew this certificate as the validation request was not completed by the domain owners. This resulted in the Tokenization SSL error when connecting to CTS, which is impacting the claims being processed.

The lambda step function was retrying multiple times during the certificate expiry.

MONITORING: Are there any improvements in monitoring and alerts? Yes. The Heightens team is already revisiting the existing monitoring to check why the alerts did not trigger during this incident.

Are there any improvements in the troubleshooting process that could reduce the resolution time? The incident management team was not paged during the incident, that delayed in reaching out the incident management team. Reiterate the Dev team to page the incident management team in Pager Duty.

CHANGE: Was this incident caused by a change? No

RCA CATEGORY: Human Error.

CORRECTIVE ACTION: The DNS team approved the validation request, and the certificate was automatically renewed.

PREVENTIVE ACTION ITEMS BY POINT OF FAILURE:

Posted Sep 25, 2023 - 16:21 EDT

Resolved

This incident has been resolved.

Posted Mar 26, 2023 - 10:04 EDT

Update

Customers who have updated to new cert (public cert), will get error while sending XML payload through claimsearchgwp.iso.com. Customers who have not updated to the new cert will not be impacted

Posted Mar 26, 2023 - 08:58 EDT

Identified

If you need to send immediately, please use the prior cert. We are working to resolve the issue with the new certs.

Posted Mar 26, 2023 - 08:40 EDT

This incident affected: System to System Interfaces (XML).