Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] `fw internalca` certificate creation problem

To: [email protected]
Subject: Re: [FW-1] `fw internalca` certificate creation problem
From: Steve Loughran <[email protected]>
Date: Fri, 14 Jun 2002 19:00:04 +0100
References: <[email protected]>
Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

Man thanks to all that responded with help on this. I -force recreated the
internal CA, -force re-certified the existing firewall certificate, and can
now certify the others without any problems.

Steve

----- Original Message -----
From: "Samuel Wuethrich" <[email protected]>
To: <[email protected]>
Sent: Monday, June 10, 2002 7:16 AM
Subject: Re: [FW-1] `fw internalca` certificate creation problem


> fw internalca certify -o <objectname> -dn "o=company, c=uk" should be
right.
> If you're using the -force option, at least your Securemoteusers which are
> using Hybride Mode must do a new topology download.
> This doesn't affects site-to-site vpns using shared secret.
>
>
> SAM
>
> -----Original Message-----
> From: Steve Loughran [mailto:[email protected]]
> Sent: Freitag, 7. Juni 2002 20:41
> To: [email protected]
> Subject: [FW-1] `fw internalca` certificate creation problem
>
>
> Hi all
>
> FW-1 3DES v4.1+SP5
> Solaris 2.6 on management host (plus firewall/enforcement module) Solaris
7
> (33 bit) on remaining hosts (firewall modules only)
>
> Got a bit of a strange problem here...... The first FW unit i configured
(a
> while back) was a combined management and firewall enforcement unit. I ran
> the `fw internalca` command to create an internal ca server, and then
> certified that unit. No problem.
>
> Now I need to create certificates for newer firewall units that use the
> first host as the management host, I cannot get the command to work:
>
> as per the CP hybrid mode PDF file:
>     prompt# fwstop
>     <shuts down correctly>
>     prompt# fw internalca certify -o fw-2 "o=someorg, c=uk"
>     failed to create certificate
>     Unknown problem, rc = -278752792
>
> or as per my CP support team recomendation:
>     prompt# fwstop
>     <shuts down correctly>
>     prompt# fw internalca certify -o fw-2 -dn "o=someorg, c=uk"
>     failed to create certificate
>     Unknown problem, rc = -278752792
>
> $FWDIR and $PATH have all the right details in them.
>
> I am assuming that I should be running this command on the management
host,
> but its not working for some reason. Does anyone have any ideas?
>
> As always, any help would be greatly appreciated.
>
> --
>
> Steve
>
> -------------------------------------------------
> Steve Loughran, Network Infrastructure Manager
> Sony Computer Entertainment Europe (Cambridge)
> Yamaha YZF1000R Thunderace
> ICQ#: 12666311 (Work), 104426046 (Laptop)
> Team Waste - Where do you want to go wrong today?
>
> =================================================
> To set vacation, Out Of Office, or away messages,
> send an email to [email protected]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [email protected]
> =================================================
>
> =================================================
> To set vacation, Out Of Office, or away messages,
> send an email to [email protected]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [email protected]
> =================================================
>

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

References:
- Re: [FW-1] `fw internalca` certificate creation problem
  - From: Samuel Wuethrich <[email protected]>

Prev by Date: Re: [FW-1] VPN with only firewall's ip public address
Next by Date: Re: [FW-1] [fw-1] Instant Messenger bypass FW-1
Previous by thread: Re: [FW-1] `fw internalca` certificate creation problem
Next by thread: [FW-1] Intrusion detection system!
Index(es):
- Date
- Thread