Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW-1] `fw internalca` certificate creation problem

To: [email protected]
Subject: [FW-1] `fw internalca` certificate creation problem
From: Steve Loughran <[email protected]>
Date: Fri, 7 Jun 2002 19:41:24 +0100
Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

Hi all

FW-1 3DES v4.1+SP5
Solaris 2.6 on management host (plus firewall/enforcement module)
Solaris 7 (33 bit) on remaining hosts (firewall modules only)

Got a bit of a strange problem here...... The first FW unit i configured (a
while back) was a combined management and firewall enforcement unit. I ran
the `fw internalca` command to create an internal ca server, and then
certified that unit. No problem.

Now I need to create certificates for newer firewall units that use the
first host as the management host, I cannot get the command to work:

as per the CP hybrid mode PDF file:
    prompt# fwstop
    <shuts down correctly>
    prompt# fw internalca certify -o fw-2 "o=someorg, c=uk"
    failed to create certificate
    Unknown problem, rc = -278752792

or as per my CP support team recomendation:
    prompt# fwstop
    <shuts down correctly>
    prompt# fw internalca certify -o fw-2 -dn "o=someorg, c=uk"
    failed to create certificate
    Unknown problem, rc = -278752792

$FWDIR and $PATH have all the right details in them.

I am assuming that I should be running this command on the management host,
but its not working for some reason. Does anyone have any ideas?

As always, any help would be greatly appreciated.

--

Steve

-------------------------------------------------
Steve Loughran, Network Infrastructure Manager
Sony Computer Entertainment Europe (Cambridge)
Yamaha YZF1000R Thunderace
ICQ#: 12666311 (Work), 104426046 (Laptop)
Team Waste - Where do you want to go wrong today?

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

Follow-Ups:
- Re: [FW-1] `fw internalca` certificate creation problem
  - From: Xena Warrior <[email protected]>

Prev by Date: [FW-1] AW: [FW-1] HTTP security server woes on NG... frustration level r ising...
Next by Date: Re: [FW-1] MSN and Yahoo messenger
Previous by thread: Re: [FW-1] AW: [FW-1] HTTP security server woes on NG... frustration level r ising...
Next by thread: Re: [FW-1] `fw internalca` certificate creation problem
Index(es):
- Date
- Thread