Applies to:
DigiCert_Certificate_Import_2.ps1 at coolsolutions.venafi.com
Symptom:
The import starts, but the API calls made by Venafi/TPP stop shortly after, and resume about an hour later. This continues until the import is completed. In the Discovery Job logs, you will see "CA Import - Preview Started" about once an hour.
Cause:
The script contains two variables ($global:max_api_calls and $global:SleepSeconds) that control the number of API calls the script will make. Once the limit is reached, the script will "rest" for about an hour before resuming where it left off. This is to avoid hitting the API rate limit imposed by DigiCert:
https://dev.digicert.com/en/certcentral-apis/services-api/rate-limits.html
Resolution:
Increase the value of $global:max_api_calls from the default of 500 to a larger number.
Increase the value of $global:SleepSeconds from the default of -1 to a value of 1.
Example:
$global:max_api_calls = 3000
$global:SleepSeconds = 1
More Information:
Increasing the $global:max_api_calls value can cause errors if the DigiCert API rate limit is reached.
Check the "Debug Logging" checkbox on the Discovery Job page to watch what the script is doing, and to ensure the API calls do not exceed the rate limit.
Logs will be generated in <Venafi Install Directory>\Logs
(C:\Program Files\Venafi\Logs)
Below is an example log with $global:max_api_calls increased to 1500.
We see the import process start, followed by the current state. The processed_id is 0 and LastProcessedId is -1, which indicates this is the first time the job has been run:
2023-01-26-11-53-51 : Starting import process to TPP
2023-01-26-11-53-51 : processed_id: 0 and LastProcessedId: -1
The log will include a count of API calls made as it progresses:
2023-01-26-11-58-42 : Processing order 199665609 and made 171 API Calls so far
2023-01-26-12-06-25 : Processing order 243505941 and made 773 API Calls so far
About 25 minutes after the job starts, we see the Max API calls value is reached (1500):
2023-01-26-12-16-48 : Processing order 335172464 and made 1502 API Calls so far
2023-01-26-12-16-48 : Set last id to 335172464
2023-01-26-12-16-48 : 1502 is greater than 1500
A summary is provided for the first round that shows the job is "Incomplete":
2023-01-26-12-16-55 : Returning to TPP - result: Incomplete - processed_id: 335172464
2023-01-26-12-16-55 : Finished import process - returning 622 certificates to TPP
The script will wait for about an hour, and will pick up where it left off. We see LastProcessedId equals 335172464 and this is where the script will begin importing again:
2023-01-26-13-17-03 : Starting import process to TPP
2023-01-26-13-17-03 : Set the LastProcessedId to: 335172464 as it was passed in
2023-01-26-13-17-03 : processed_id: 0 and LastProcessedId: 335172464
When complete, you will see a result of "Success" with another summary:
2023-01-26-13-21-20 : Returning to TPP - result: Success - processed_id: 352201004
2023-01-26-13-21-20 : Finished import process - returning 71 certificates to TPP
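To check a debug log against the rate limit instead of reading it by eye, the following added example (not part of DigiCert_Certificate_Import_2.ps1 or any Venafi tooling) estimates the API call rate of each import run from the log lines shown above. The function name, the -WindowSeconds and -Limit defaults, and the assumption that the call counter restarts at each "Starting import process to TPP" line are assumptions of this example; take the real window and limit from the DigiCert rate-limit page linked above.

```powershell
# Added example; not part of DigiCert_Certificate_Import_2.ps1.
function Get-ImportApiCallRate {
    param(
        [Parameter(Mandatory)][string[]]$LogLine,
        [int]$WindowSeconds = 300,  # assumption: set from DigiCert's rate-limit page
        [int]$Limit = 1000          # assumption: set from DigiCert's rate-limit page
    )
    $runs = @(); $run = $null; $prev = $null
    foreach ($line in $LogLine) {
        if (-not ($line -match '^(?<ts>[\d-]{19}) : (?<msg>.*)$')) { continue }
        $msg = $Matches.msg
        $ts = [datetime]::ParseExact($Matches.ts, 'yyyy-MM-dd-HH-mm-ss', [cultureinfo]::InvariantCulture)
        if ($msg -eq 'Starting import process to TPP') {
            # New run: assume the script's call counter starts again at 0.
            $run = [pscustomobject]@{ Start = $ts; End = $null; ApiCalls = 0
                                      PeakPerWindow = 0; Result = 'Unknown'; OverLimit = $false }
            $runs += $run
            $prev = @{ Time = $ts; Calls = 0 }
        }
        elseif ($run -and $msg -match 'made (?<n>\d+) API Calls so far') {
            $calls = [int]$Matches.n
            $seconds = ($ts - $prev.Time).TotalSeconds
            if ($seconds -gt 0) {
                # Rate between two logged counts, scaled to the rate-limit window.
                $rate = [math]::Round(($calls - $prev.Calls) / $seconds * $WindowSeconds)
                if ($rate -gt $run.PeakPerWindow) { $run.PeakPerWindow = $rate }
                $prev = @{ Time = $ts; Calls = $calls }
            }
            $run.ApiCalls = $calls
        }
        elseif ($run -and $msg -match 'result: (?<r>\w+) - processed_id') {
            $run.Result = $Matches.r   # Incomplete or Success
            $run.End = $ts
        }
    }
    foreach ($r in $runs) { $r.OverLimit = $r.PeakPerWindow -gt $Limit }
    $runs
}

# Sample input: lines copied from the log excerpts in this article.
$sample = @(
    '2023-01-26-11-53-51 : Starting import process to TPP'
    '2023-01-26-11-58-42 : Processing order 199665609 and made 171 API Calls so far'
    '2023-01-26-12-06-25 : Processing order 243505941 and made 773 API Calls so far'
    '2023-01-26-12-16-48 : Processing order 335172464 and made 1502 API Calls so far'
    '2023-01-26-12-16-55 : Returning to TPP - result: Incomplete - processed_id: 335172464'
    '2023-01-26-13-17-03 : Starting import process to TPP'
    '2023-01-26-13-21-20 : Returning to TPP - result: Success - processed_id: 352201004'
)
Get-ImportApiCallRate -LogLine $sample | Format-Table
```

To run it against a real job, pass the output of Get-Content for the debug log in the Logs directory as -LogLine. A run with OverLimit set to True means $global:max_api_calls or the pacing should be lowered.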