cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted

Unexpected error in cf_cert

Jump to solution

I received this error (print bellow) after trying to save changes on admin console, while i was trying to resolve a vpn problem. I dont know what is causing this error.

vpnerror.png

Any suggestions?

**Sorry for my english, if i wrote something wrong ok**

1 Solution

Accepted Solutions

Re: Unexpected error in cf_cert

Jump to solution

Thanks sliedl for assisting me.

I restarted the firewall and the changes on admin console go back to save.

Best regards!

8 Replies
sliedl
Level 14
Report Inappropriate Content
Message 2 of 9

Re: Unexpected error in cf_cert

Jump to solution

I think what you did was enter a DN wrong on one of your certificates (if you don't put 'CN=' at the beginning of the DN the firewall will still save it but the VPN code will error out on the cert).

You can run this command for a quick output of your certs and their DN outputs to see if you can spot which one does not begin with 'CN=':

cf -TK name,dn cert q client

Re: Unexpected error in cf_cert

Jump to solution

thanks for your answer sliedl.

command output:

command.png

DN outputs are ok i think. what do you think?

sliedl
Level 14
Report Inappropriate Content
Message 4 of 9

Re: Unexpected error in cf_cert

Jump to solution

I agree, I don't see any problems with those DNs.  Run the same command except now it's for the Firewall Certificates and not the Remote/client Certificates (replace 'client' with 'fw' in the same command, at the end):

cf -TK name,dn cert q fw

Re: Unexpected error in cf_cert

Jump to solution

Thanks a lot for your help again sliedl.

Command output:

DN outputs for the Firewall Certificates its ok.

Observing the error message "TSWGenericError: TSWGenericError: genkey error: import: failed to update database entry with key values

algorithm: rsa", is there any command to verify the firewall database integrity?

sliedl
Level 14
Report Inappropriate Content
Message 6 of 9

Re: Unexpected error in cf_cert

Jump to solution

Oh wait, I know which cert area this is now.


Run this command (do not paste the results back here):

cf -TK name,dn cert q id

In the 'dn' column that shows up you'll see one of the Remote Identities has some string for the DN and it should be cn=some string.  You can edit this DN string under the Remote Identities tab in the Certificate Management page and just add cn= to the beginning of the string and Save it.

Re: Unexpected error in cf_cert

Jump to solution

Thanks again.

The command output is empty, and i tried to create a new Remote Identity but i am still unable to save because of error in cf_cert:

name dn

---- --

sliedl
Level 14
Report Inappropriate Content
Message 8 of 9

Re: Unexpected error in cf_cert

Jump to solution

I suggest calling into Support so we can see your configuration over a remote session.

Re: Unexpected error in cf_cert

Jump to solution

Thanks sliedl for assisting me.

I restarted the firewall and the changes on admin console go back to save.

Best regards!

ePO Support Center Plug-in
Check out the new ePO Support Center. Simply access the ePO Software Manager and follow the instructions in the Product Guide for the most commonly used utilities, top known issues announcements, search the knowledgebase for product documentation, and server status and statistics – all from within ePO.