Re: [FW1] Not a Certificat Authority

Oi,

The error usually only appears when you try to download topology from a management server/firewall module on the same box with no FWZ keys defined, or if you try to download from an enforcement point. The problem has to do with Accept Unauthenticated cleartext topology requests under policy->properties->desktop security. Uncheck this and it'll go away, but your users will have to authenticate to get topology downloaded.

Lemme know if that doesn't get it.

CryptoTech

Gill wrote:
> I have seen it a few times that a firewall (in this case a 4.0 sp 7)
> without FWZ encryption defined in the fw object will give an error
> about not being a Certificate Authority when an IKE (aka
> ISAKMP/Oakley) SecuRemote client attempts to connect to it. If I define
> FWZ on the fw object and create the requisite keys the error goes away,
> even if the user or client specifies to use IKE. Why does this happen and
> if it is brokenness what can be done to fix it?
>
> -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
> --gill | Tatu Ylonen, SSH 1.2.12 README: "Beware that the most effective
>        | way for someone to decrypt your data may be with a rubber hose."
>
> ================================================================================
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> ================================================================================