Re: [FW-1] `fw internalca` certificate creation problem



Steve,

I cannot say for certain what the effects will be.
(Maybe someone else on the list can jump in here)

You may need to revoke and re-create the existing
certificate for the FW module that is on the same box as
your management station.

Secure Remote users may need to update site
information.

It should not, however, affect any existing site to
site VPNs that use a pre-shared secret for
authentication.

Regards


--- Steve Loughran <[email protected]> wrote:
> Many thanks for that, I will give that a go on
> Monday when I get back to
> work. Will there be any strange effects from me
> recreating the CA on the
> management server? Or once I have force recreated
> the CA, created the certs,
> and pushed the policies to all the firewalls, will
> it just be as if nothing
> had really happened?
>
> Steve
>
> ----- Original Message -----
> From: "Xena Warrior" <[email protected]>
> To: <[email protected]>
> Sent: Saturday, June 08, 2002 11:13 AM
> Subject: Re: [FW-1] `fw internalca` certificate
> creation problem
>
>
> > Steve,
> >
> > you may consider recreating the CA on management
> > station with the -force option at end of
> > command.
> >
> > Then try to create individual certificates for the
> > external FW modules.
> >
> > HTH
> >
> >
> > --- Steve Loughran <[email protected]> wrote:
> > > Hi all
> > >
> > > FW-1 3DES v4.1+SP5
> > > Solaris 2.6 on management host (plus firewall/enforcement module)
> > > Solaris 7 (33 bit) on remaining hosts (firewall modules only)
> > >
> > > Got a bit of a strange problem here...... The first FW unit I configured (a
> > > while back) was a combined management and firewall enforcement unit. I ran
> > > the `fw internalca` command to create an internal ca server, and then
> > > certified that unit. No problem.
> > >
> > > Now I need to create certificates for newer firewall units that use the
> > > first host as the management host, I cannot get the command to work:
> > >
> > > as per the CP hybrid mode PDF file:
> > >     prompt# fwstop
> > >     <shuts down correctly>
> > >     prompt# fw internalca certify -o fw-2 "o=someorg, c=uk"
> > >     failed to create certificate
> > >     Unknown problem, rc = -278752792
> > >
> > > or as per my CP support team recommendation:
> > >     prompt# fwstop
> > >     <shuts down correctly>
> > >     prompt# fw internalca certify -o fw-2 -dn "o=someorg, c=uk"
> > >     failed to create certificate
> > >     Unknown problem, rc = -278752792
> > >
> > > $FWDIR and $PATH have all the right details in them.
> > >
> > > I am assuming that I should be running this command on the management host,
> > > but it's not working for some reason. Does anyone have any ideas?
> > >
> > > As always, any help would be greatly appreciated.
> > >
> > > --
> > >
> > > Steve
> > >
> > > -------------------------------------------------
> > > Steve Loughran, Network Infrastructure Manager
> > > Sony Computer Entertainment Europe (Cambridge)
> > > Yamaha YZF1000R Thunderace
> > > ICQ#: 12666311 (Work), 104426046 (Laptop)
> > > Team Waste - Where do you want to go wrong today?
> > >
> > > =================================================
> > > To set vacation, Out Of Office, or away messages,
> > > send an email to [email protected]
> > > in the BODY of the email add:
> > > set fw-1-mailinglist nomail
> > > =================================================
> > > To unsubscribe from this mailing list,
> > > please see the instructions at
> > > http://www.checkpoint.com/services/mailing.html
> > > =================================================
> > > If you have any questions on how to change your
> > > subscription options, email
> > > [email protected]
> > > =================================================



 
   All contents © 2004 Network Presence, LLC. All rights reserved.