Code Room
On-call · Hard
Question
Your services validate peer certs in mTLS and, per a new security policy, now perform online revocation checking (OCSP) on every handshake. At 13:00, with no cert expired and no policy or cert change, a broad swath of internal mTLS handshakes starts slowing to multi-second latency and then failing intermittently across many service pairs. Dashboards show that peer certs are all valid and unexpired, that the failures correlate with timeouts reaching an external OCSP responder URL, and that the responder is slow today. CPU and memory are normal everywhere. How do you triage and mitigate?
What a strong answer looks like
Stop the bleeding first (mitigate), then form hypotheses from real signals. Separate root cause from symptom, communicate status as you go, and close with what prevents a repeat.
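As an added example (not part of the original question), the simulation below shows why an online OCSP check on every handshake ties handshake health to the external responder, and how reusing each answer until its nextUpdate, with a bounded timeout, limits the blast radius. It uses no network; the class names, serials, the 0.2 s timeout and the one-hour validity window are all assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class OcspAnswer:
    status: str         # "good" or "revoked"
    next_update: float  # end of the answer's validity, in simulated seconds

class ResponderTimeout(Exception):
    """Raised when the responder would take longer than the caller's budget."""

class SlowResponder:
    """Constructed stand-in for the external OCSP responder."""
    def __init__(self, latency_s, revoked=()):
        self.latency_s, self.revoked, self.calls = latency_s, set(revoked), 0

    def query(self, serial, timeout_s, now):
        self.calls += 1
        if self.latency_s > timeout_s:
            raise ResponderTimeout(serial)
        status = "revoked" if serial in self.revoked else "good"
        return OcspAnswer(status, now + 3600)  # assumed one-hour validity

class CachingChecker:
    """Per-handshake check that reuses unexpired answers and bounds the wait."""
    def __init__(self, responder, timeout_s=0.2):
        self.responder, self.timeout_s, self.cache = responder, timeout_s, {}

    def check(self, serial, now):
        cached = self.cache.get(serial)
        if cached and now < cached.next_update:
            return cached.status, "cache"      # no responder round trip
        try:
            answer = self.responder.query(serial, self.timeout_s, now)
        except ResponderTimeout:
            # Neither a valid cached answer nor a fresh one is available.
            # Whether "unknown" fails open or closed is a policy decision.
            return "unknown", "timeout"
        self.cache[serial] = answer
        return answer.status, "responder"

def simulate():
    responder = SlowResponder(latency_s=0.05, revoked={"serial-B"})
    checker = CachingChecker(responder)
    results = [checker.check(s, now=0) for s in ("serial-A", "serial-B")]
    responder.latency_s = 5.0  # the responder turns slow, as at 13:00
    results += [checker.check(s, now=600) for s in ("serial-A", "serial-B", "serial-C")]
    return results, responder.calls
```

Peers seen before the slowdown keep their last answer, including the revoked one, while only the previously unseen peer is left in the "unknown" state; once an answer passes its nextUpdate the cache no longer helps.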