Code Room
On-call | Hard | oc-g305
Subject: mTLS failure
Level: Senior–Staff
~40 min
Common in: Reliability & on-call interviews
Industries: Technology

Question

Your services validate peer certs in mTLS and, per a new security policy, now perform online revocation checking (OCSP) on every handshake. At 13:00 — no cert expired, no policy/cert change — a broad swath of internal mTLS handshakes start slowing to multi-second and then failing intermittently across many service pairs. Dashboards: peer certs are all valid and unexpired; the failures correlate with timeouts reaching an external OCSP responder URL; that responder is slow today. CPU/memory normal everywhere. How do you triage and mitigate?

What a strong answer looks like

Stop the bleeding first (mitigate), then form hypotheses from real signals. Separate root cause from symptom, communicate status as you go, and close with what prevents a repeat.
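
One way to keep handshakes from blocking on the responder in the scenario above, as an added example that is not part of the original page: a revocation check that reuses OCSP answers until their nextUpdate, bounds the responder call with a short timeout, and makes the fail policy explicit. The class and function names, the serials, the 0.5 s timeout and the simulated responder are all assumptions constructed for illustration.

```python
from dataclasses import dataclass

GOOD, REVOKED = "good", "revoked"

@dataclass
class Entry:
    status: str
    next_update: float  # end of the response's validity window (epoch seconds)

class RevocationChecker:
    """Caches OCSP answers until nextUpdate; check() returns (allow, reason)."""
    def __init__(self, fetch, clock, timeout_s=0.5, hard_fail=False):
        self.fetch, self.clock = fetch, clock
        self.timeout_s, self.hard_fail = timeout_s, hard_fail
        self.cache = {}

    def check(self, serial):
        entry = self.cache.get(serial)
        if entry and self.clock() < entry.next_update:
            return entry.status == GOOD, "cache"   # no responder round trip
        try:
            status, next_update = self.fetch(serial, self.timeout_s)
        except TimeoutError:
            if entry and entry.status == REVOKED:
                return False, "stale-revoked"      # never reopen a known revocation
            if self.hard_fail:
                return False, "timeout-hard-fail"  # availability traded for assurance
            return True, "timeout-soft-fail"       # log and alert on this path
        self.cache[serial] = Entry(status, next_update)
        return status == GOOD, "responder"

def simulated_responder(latency_s, revoked, clock, validity_s=3600):
    """Constructed stand-in for an OCSP responder; no network is used."""
    def fetch(serial, timeout_s):
        if latency_s > timeout_s:
            raise TimeoutError(f"OCSP responder exceeded {timeout_s}s")
        return (REVOKED if serial in revoked else GOOD), clock() + validity_s
    return fetch

def run_incident():
    """Replay with constructed serials: healthy, then slow responder, then expiry."""
    t = [0.0]                                    # constructed clock, in seconds
    clock = lambda: t[0]
    checker = RevocationChecker(simulated_responder(0.05, {"0xBAD"}, clock), clock)
    out = [checker.check("0xA1"), checker.check("0xBAD")]       # warm the cache
    checker.fetch = simulated_responder(5.0, {"0xBAD"}, clock)  # responder degrades
    out += [checker.check("0xA1"), checker.check("0xNEW")]
    t[0] = 7200.0                                # cached answers are now stale
    out += [checker.check("0xA1"), checker.check("0xBAD")]
    return out
```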
