[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW1] Cert isn't displayed after fw internalca?
This would NOT work until I removed IKE encryption from the fw object and did a policy reload. Cheers, >To make this work you must have close the GUI. Perform an fwstop on the firewall >and management server. Perform the fw internalca command and then the fwstart. Not >performing the fwstop first will ensure it will not work Leaving the GUI open and >then performing fwstop crashes the GUI and prevents the creation of the cert >impossible. > >Also the correct command format is (performed on management server): >fw internalca create -dn "o=company, c=us" -force >fw internalca certify fw_object (Force should not be necessary on this line because >the previous force wiped out everything. Note line doesn't contain "o=company, >c=us") > >cameron. > > > >Dan Hitchcock wrote: > >> This has been buggy for me as well. I have had success with forcibly >> re-creating the cert (add -force at the end of the internalca create line, >> using the same dn as the original cert), then cycling the service using the >> NT control panel. Not sure if something similar would do the trick on *nix. >> >> Dan Hitchcock >> CCNA, MCSE >> Network Engineer >> Xylo, Inc. >>>> The work/life solution for corporate thought leaders >> >> -----Original Message----- >> From: Jeff Newton [mailto:[email protected]] >> Sent: Wednesday, December 06, 2000 11:19 AM >> To: [email protected] >> Subject: [FW1] Cert isn't displayed after fw internalca? >> >> >fwstop >> >cd $FWDIR/bin >> >fw internalca create -dn "o=whatever, c=com" >> >fw internalca certify -o fw_object "o=whatever, c=com" >> >> Anyone know why the cert wouldn't show up in the cert tab of the fw >> object after the above is done? >> >> Cheers, >> >> ---- >> Jeff Newton >> >> ====================================================================== ====== >> ==== >> To unsubscribe from this mailing list, please see the instructions at >> http://www.checkpoint.com/services/mailing.html >> ====================================================================== ====== >> ==== >> >> ====================================================================== ========== >> To unsubscribe from this mailing list, please see the instructions at >> http://www.checkpoint.com/services/mailing.html >> ====================================================================== ========== ---- Jeff Newton Security Analyst PMC-Sierra Inc. ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|