Re: [FW-1] Upgrading Fw-1,Vpn1 4.1 Module to NG (Sic,certificatealreadyexists)


  • To: [email protected]
  • Subject: Re: [FW-1] Upgrading Fw-1,Vpn1 4.1 Module to NG (Sic,certificatealreadyexists)
  • From: RENATA CARVALHO VINCOLETTO <[email protected]>
  • Date: Fri, 26 Apr 2002 15:01:53 -0300
  • Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
  • Sender: Mailing list for discussion of Firewall-1 <[email protected]>

First, you must be on the management console. Type:
fw sic_reset
This will wipe your internal CA and stop the firewall. Next, run
"cpconfig" and reinitialize your internal CA. Finally, restart the
firewall (cpstart), and log in. Your GUI should ask you to verify a new
fingerprint.
Warning: you may get the error: 

*** Checking IKE Certificates ***
There are IKE Certificates that were generated by the
internal Certificate Authority.
Please remove them (using the Policy Editor) so that
the internal Certificate Authority can be destroyed.

SIC Reset operation could not be completed
This indicates an object(s), most likely your firewall, has an IKE cert
under the VPN tab. You must delete this cert to continue. If you can't
get into the GUI because the cert is boned, you must edit
$FWDIR/conf/objects_5_0.C after stopping the firewall and edit your
firewall object. You will see a "certificates" subsection that looks
like:
:certificates (
    : (demone-auth
        :AdminInfo (
            :chkpf_uid ("{8AD40054-F442-433D-B561-14D7AC7657E2}")
            :ClassName (certificate)
        )
        :"#certreq-pki-gen" (false)
        :"#pki-host-cert-set" (false)
        :ca (ReferenceObject
            :Name (InterSecRoot)
            :Table (servers)
            :Uid ("{29CF35A6-D330-4D75-B2BE-A1FE45E4B0BB}")
        )
        :dn ("CN=Administrator,[email protected]")
        :pkisignkey (177eac7c923f71adc618f6a7)
        :status (signed)
        :stored.at (management_server)
    )
)
Modify this so it looks like:
:certificates ()
and start your firewall. Try "fw sic_reset" again.

Renata Vincoletto
Siemens Business Service - TS W/Security
tel 55 11 3908-2121
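
A read-only pre-check for the objects_5_0.C step described above, as an added example that is not part of the original message or of any Check Point tooling. It parses the `:key (value)` syntax shown in the excerpt and lists every certificate entry still attached to an object; the object names gw-a and gw-b are constructed, and the rest of the file is assumed to follow the same syntax as the excerpt.

```python
import re

# Constructed sample in the excerpt's layout; gw-a and gw-b are hypothetical names.
SAMPLE = '''
: (gw-a :certificates (
    : (demone-auth
        :ca (ReferenceObject :Name (InterSecRoot))
        :"#pki-host-cert-set" (false) :status (signed))))
: (gw-b :certificates ())
'''
TOKEN = re.compile(r':?"[^"]*"|[()]|[^\s()"]+')  # quoted strings, parens, bare words

def parse(text):
    """Parse ':key (atoms and nested entries)' text into a tree under a synthetic root."""
    toks, pos = [":file", "("] + TOKEN.findall(text) + [")", None], 0
    def entry():
        nonlocal pos
        node = {"key": toks[pos].lstrip(":").strip('"'), "atoms": [], "kids": []}
        if toks[pos + 1] != "(":
            raise ValueError(f"expected '(' after {toks[pos]!r}")
        pos += 2
        while toks[pos] not in (")", None):
            if toks[pos].startswith(":"):
                node["kids"].append(entry())
            else:
                node["atoms"].append(toks[pos].strip('"'))
                pos += 1
        if toks[pos] is None:
            raise ValueError(f"unbalanced parentheses in {node['key']!r}")
        pos += 1
        return node
    root = entry()
    if toks[pos] is not None:
        raise ValueError("unexpected ')' at top level")
    return root

def get(node, *path):
    """First atom of the entry reached by following child keys in path, else None."""
    for key in path:
        node = next((k for k in node["kids"] if k["key"] == key), None) if node else None
    return node["atoms"][0] if node and node["atoms"] else None

def cert_entries(node):
    """Yield (object, cert, ca, status) for every entry in a :certificates section."""
    for k in node["kids"]:
        if k["key"] == "certificates":
            for c in k["kids"]:
                yield get(node) or node["key"], get(c), get(c, "ca", "Name"), get(c, "status")
        yield from cert_entries(k)
```

Run it against a copy of the file with `list(cert_entries(parse(text)))`; an empty list means no object carries a certificate entry, and a `ValueError` means a hand edit left the parentheses unbalanced.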


-----Original Message-----
From: Juan Antonio Garza Garza [mailto:[email protected]] 
Sent: Friday, 26 April 2002 14:31
To: [email protected]
Subject: Re: [FW-1] Upgrading Fw-1,Vpn1 4.1 Module to NG
(Sic,certificatealreadyexists)


Thanks Gertraud,
    Mhh does anyone know how to revoke an SSLKey from NG's SVN?

Best Regards,


Gertraud Unterreitmeier wrote:

> Hello Juan,
>
> using OpenSSL you can only have one valid Certificate for
> the same name. There you first have to revoke or expire this
> certificate. Might be the same with Checkpoint Certificates.
>
> Regards,
>
> Gertraud
>
> Juan Antonio Garza Garza schrieb:
> >
> > Hi,
> >          We had a Fw Management+Enforcement Module 4.1, and another
> > Enforcement Module (fw-1+vpn1) 4.1.
> >
> >          We upgraded to NG FP1 the Management Module Machine,
> > successfully.
> >          When we are trying to upgrade the Enforcement, when we try
> > to reconfigure the object with NG FP1, and try to initialize SIC, it
> > gives us the next error:
> >          A certificate with this name already exists, please specify
> > a different name and try again.
> >
> > Does anyone know how to correct this?
> >
> > Regards,
> > --
> > Juan Antonio Garza Garza
> > STR Manager
> > C  I  T  I
> > Sendero Sur 285 Colonia Contry Monterrey, NL 64860 Mexico Tel (528) 
> > 357 2267, ext. / Fax 357 8047
> > Pager: 5105702  tel: 1511111
> > e-mail: [email protected]
> > http://www.citi.com.mx
> >
> > =================================================
> > To set vacation, Out Of Office, or away messages,
> > send an email to [email protected]
> > in the BODY of the email add:
> > set fw-1-mailinglist nomail 
> > =================================================
> > To unsubscribe from this mailing list,
> > please see the instructions at 
> > http://www.checkpoint.com/services/mailing.html
> > =================================================
> > If you have any questions on how to change your subscription 
> > options, email [email protected]
> > =================================================
>

--
Juan Antonio Garza Garza
STR Manager
C  I  T  I
Sendero Sur 285 Colonia Contry Monterrey, NL 64860 Mexico
Tel, ext. / Fax 357 8047
Pager: 5105702  tel: 1511111
e-mail: [email protected]
http://www.citi.com.mx
