[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] `fw internalca` certificate creation problem
fw internalca certify -o <objectname> -dn "o=company, c=uk" should be right. If you're using the -force option, at least your Securemoteusers which are using Hybride Mode must do a new topology download. This doesn't affects site-to-site vpns using shared secret. SAM -----Original Message----- From: Steve Loughran [mailto:[email protected]] Sent: Freitag, 7. Juni 2002 20:41 To: [email protected] Subject: [FW-1] `fw internalca` certificate creation problem Hi all FW-1 3DES v4.1+SP5 Solaris 2.6 on management host (plus firewall/enforcement module) Solaris 7 (33 bit) on remaining hosts (firewall modules only) Got a bit of a strange problem here...... The first FW unit i configured (a while back) was a combined management and firewall enforcement unit. I ran the `fw internalca` command to create an internal ca server, and then certified that unit. No problem. Now I need to create certificates for newer firewall units that use the first host as the management host, I cannot get the command to work: as per the CP hybrid mode PDF file: prompt# fwstop <shuts down correctly> prompt# fw internalca certify -o fw-2 "o=someorg, c=uk" failed to create certificate Unknown problem, rc = -278752792 or as per my CP support team recomendation: prompt# fwstop <shuts down correctly> prompt# fw internalca certify -o fw-2 -dn "o=someorg, c=uk" failed to create certificate Unknown problem, rc = -278752792 $FWDIR and $PATH have all the right details in them. I am assuming that I should be running this command on the management host, but its not working for some reason. Does anyone have any ideas? As always, any help would be greatly appreciated. -- Steve ------------------------------------------------- Steve Loughran, Network Infrastructure Manager Sony Computer Entertainment Europe (Cambridge) Yamaha YZF1000R Thunderace ICQ#: 12666311 (Work), 104426046 (Laptop) Team Waste - Where do you want to go wrong today? ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] ================================================= ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|