Invalid active certificates cause logs to fill up with the error "Unable to load certificate" when the Events process runs

Description

Invalid active certificates cause logs to fill up with the error "Unable to load certificate" when the Events process runs:

SEVERE *** ERROR *** Unable to load certificate : xxxxxxxx
java.security.cert.CertificateException: Could not parse certificate: java.io.IOException: Empty input
    at sun.security.provider.X509Factory.engineGenerateCertificate(X509Factory.java:110)
    at java.security.cert.CertificateFactory.generateCertificate(CertificateFactory.java:339)
    at com.glide.certificates.CertificateUtil.getX509Certificate(CertificateUtil.java:67)
    at com.glide.certificates.CertificateUtil.getPEMCert(CertificateUtil.java:57)
    at com.glide.certificates.DBKeyStoreFactory.loadCertificate(DBKeyStoreFactory.java:207)
    at com.glide.certificates.DBKeyStoreFactory.loadStore(DBKeyStoreFactory.java:154)
    at com.glide.communications.GlideTrustStoreManager.loadCacertsKeyStore(GlideTrustStoreManager.java:58)
    at com.glide.certificates.DBKeyStoreFactory.createTrustStore(DBKeyStoreFactory.java:60)
    at com.glide.certificates.DBKeyStoreSocketFactory.init(DBKeyStoreSocketFactory.java:103)
    at com.glide.certificates.DBKeyStoreSocketFactory.<init>(DBKeyStoreSocketFactory.java:93)
    at com.glide.sys.security.HTTPProtocolProfileRegistry.initializeDBKeystoreSocketFactory(HTTPProtocolProfileRegistry.java:111)
    at com.glide.sys.security.HTTPProtocolProfileRegistry.registerProtocolWithKeystore(HTTPProtocolProfileRegistry.java:84)
    at com.glide.sys.security.HTTPProtocolProfileRegistry.loadPropertyProtocols(HTTPProtocolProfileRegistry.java:76)
    at com.glide.sys.security.HTTPProtocolProfileRegistry.load(HTTPProtocolProfileRegistry.java:50)
    at sun.reflect.GeneratedMethodAccessor343.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at com.glide.communications.HTTPClient.registerOtherProtocols(HTTPClient.java:148)
    at com.glide.communications.HTTPClient.registerProtocols(HTTPClient.java:134)
    at com.glide.communications.HTTPClient.initialize(HTTPClient.java:127)
    at com.glide.communications.HTTPClient.<init>(HTTPClient.java:86)
    at com.glide.notification.glidefacade.GlideHTTPClientProxyImpl.<init>(GlideHTTPClientProxyImpl.java:17)
    at com.glide.notification.glidefacade.GlideHTTPClientProxyImpl$$FastClassByGuice$$f05c4312.newInstance(<generated>)
    at com.google.inject.internal.cglib.reflect.$FastConstructor.newInstance(FastConstructor.java:40)
    at com.google.inject.internal.DefaultConstructionProxyFactory$1.newInstance(DefaultConstructionProxyFactory.java:60)
    at com.google.inject.internal.ConstructorInjector.construct(ConstructorInjector.java:85)
    at com.google.inject.internal.ConstructorBindingImpl$Factory.get(ConstructorBindingImpl.java:254)
    at com.google.inject.internal.FactoryProxy.get(FactoryProxy.java:54)
    at com.google.inject.internal.SingleParameterInjector.inject(SingleParameterInjector.java:38)
    at com.google.inject.internal.SingleParameterInjector.getAll(SingleParameterInjector.java:62)
    at com.google.inject.internal.ConstructorInjector.construct(ConstructorInjector.java:84)
    at com.google.inject.internal.ConstructorBindingImpl$Factory.get(ConstructorBindingImpl.java:254)
    at com.google.inject.internal.SingleParameterInjector.inject(SingleParameterInjector.java:38)
    at com.google.inject.internal.SingleParameterInjector.getAll(SingleParameterInjector.java:62)
    at com.google.inject.internal.ConstructorInjector.construct(ConstructorInjector.java:84)
    at com.google.inject.internal.ConstructorBindingImpl$Factory.get(ConstructorBindingImpl.java:254)
    at com.google.inject.internal.SingleParameterInjector.inject(SingleParameterInjector.java:38)
    at com.google.inject.internal.SingleParameterInjector.getAll(SingleParameterInjector.java:62)
    at com.google.inject.internal.ConstructorInjector.construct(ConstructorInjector.java:84)
    at com.google.inject.internal.ConstructorBindingImpl$Factory.get(ConstructorBindingImpl.java:254)
    at com.google.inject.internal.SingleParameterInjector.inject(SingleParameterInjector.java:38)
    at com.google.inject.internal.SingleParameterInjector.getAll(SingleParameterInjector.java:62)
    at com.google.inject.internal.ConstructorInjector.construct(ConstructorInjector.java:84)
    at com.google.inject.internal.ConstructorBindingImpl$Factory.get(ConstructorBindingImpl.java:254)
    at com.google.inject.internal.InjectorImpl$4$1.call(InjectorImpl.java:978)
    at com.google.inject.internal.InjectorImpl.callInContext(InjectorImpl.java:1024)
    at com.google.inject.internal.InjectorImpl$4.get(InjectorImpl.java:974)
    at com.google.inject.internal.InjectorImpl.getInstance(InjectorImpl.java:1013)
    at com.glide.notification.cmn.MessagingMessageSender.<init>(MessagingMessageSender.java:27)
    at com.glide.notification.cmn.NotificationMessage.getSender(NotificationMessage.java:135)
    at com.glide.notification.cmn.NotificationMessage.send(NotificationMessage.java:100)
    at com.glide.notification.cmn.NotificationActionHandler.send(NotificationActionHandler.java:100)
    at com.glide.notification.cmn.NotificationActionHandler.process(NotificationActionHandler.java:72)
    at com.glide.policy.EventProcessor.processEventDuringNormalOperation(EventProcessor.java:213)
    at com.glide.policy.EventProcessor.processEvent(EventProcessor.java:138)
    at com.glide.policy.EventProcessor.process(EventProcessor.java:92)
    at com.glide.policy.EventManager.processEvents(EventManager.java:291)
    at com.glide.policy.EventManager._process(EventManager.java:166)
    at com.glide.policy.EventManager.processDelegatedEvents(EventManager.java:140)
    at com.glide.script.GlideSystem.js_processDelegatedEvents(GlideSystem.java:731)
    at sun.reflect.GeneratedMethodAccessor300.invoke(Unknown Source)

Cause

These errors are seen if there are any invalid certificates on the instance.
You can run the following script from Scripts - Background to identify the invalid certificates on the instance:

    // Validate every active record in the sys_certificate table
    var gr = new GlideRecord("sys_certificate");
    gr.addQuery("active", "true");
    gr.query();
    var count = 0;
    while (gr.next()) {
        try {
            gs.print("Checking cert name = " + gr.name + ", type = " + gr.type);
            var valid = new SNC.CertificateValidator().validate(gr);
            if (!valid) {
                // Uncomment to add an explicit message for each invalid certificate
                //gs.addErrorMessage(gs.getMessage('InValid ' + gr.type + " name = " + gr.name))
            }
        } catch (e) {
            // Errors thrown while validating a record are reported here
            gs.addErrorMessage(gs.getMessage(e));
        }
    }

Resolution

Deactivate or delete the invalid certificates identified above.

Additional Information

It is possible that the errors in the logs are related to an expired certificate in a keystore. In some out-of-box (OOB) instances the keystore saml2sp_keystore is active, but the certificate inside it is expired. This can be verified using the following command:

    keytool -v -list -keystore saml2sp_keystore

(When prompted for the password, press Enter.)

On many instances this certificate is configured as the default certificate for SAML authentication for the purpose of "Encryption and Signing requests". If this is one of the certificates mentioned in the error logs, refer to this KB article before disabling it: Steps to migrate from expiring SAML 2.0 SP Keystore to new Keystore (KB0994948)
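
An added example, not part of the original KB article: a shell filter that reads the keytool -v -list output mentioned above and lists the entries whose certificate has already expired. The function names, sample aliases and dates are constructed for illustration, and English-locale keytool output is assumed.

```shell
# Constructed sample of `keytool -v -list` output; aliases, owners and dates are made up.
sample_keytool_output() {
cat <<'EOF'
Keystore type: JKS
Your keystore contains 2 entries

Alias name: example_expired
Entry type: PrivateKeyEntry
Owner: CN=example-expired
Valid from: Thu Jan 01 00:00:00 UTC 2015 until: Wed Jan 01 00:00:00 UTC 2020

Alias name: example_current
Entry type: trustedCertEntry
Owner: CN=example-current
Valid from: Wed Jan 01 00:00:00 UTC 2020 until: Thu Jan 01 00:00:00 UTC 2099
EOF
}

# Reads `keytool -v -list` output on stdin; $1 is the cutoff date as YYYYMMDD.
# Prints "alias<TAB>YYYY-MM-DD" for each certificate whose "until" date is before the cutoff.
# Assumes English-locale output ("until: Wed Jan 01 00:00:00 UTC 2020"); the time
# of day and time zone are ignored, so the result is accurate to about a day.
expired_entries() {
    awk -v cutoff="$1" '
    BEGIN {
        split("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec", names, " ")
        for (i = 1; i <= 12; i++) month[names[i]] = i
    }
    /^Alias name: / { alias = substr($0, 13) }
    /^Valid from: .* until: / {
        # Fields after "until: " are: weekday month day time zone year
        n = split(substr($0, index($0, "until: ") + 7), f, " ")
        if (n < 6 || !(f[2] in month)) next
        ymd = sprintf("%04d%02d%02d", f[6], month[f[2]], f[3])
        if (ymd + 0 < cutoff + 0)
            printf "%s\t%s-%02d-%02d\n", alias, f[6], month[f[2]], f[3]
    }'
}

# Against the keystore named in this article (press Enter at the password prompt):
#   keytool -v -list -keystore saml2sp_keystore | expired_entries "$(date +%Y%m%d)"
```

An entry with a certificate chain is listed once per expired certificate in the chain, since keytool prints a "Valid from" line for each.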