cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Highlighted
danubio
danubio
Level 8
Report Inappropriate Content
Message 1 of 9
‎11-05-2015 09:59 AM

Unexpected error in cf_cert

Jump to solution

I received this error (print bellow) after trying to save changes on admin console, while i was trying to resolve a vpn problem. I dont know what is causing this error.

vpnerror.png

Any suggestions?

**Sorry for my english, if i wrote something wrong ok**

0 Kudos
Reply
1 Solution

Accepted Solutions
danubio
danubio
Level 8
Report Inappropriate Content
Message 9 of 9
‎11-23-2015 05:29 AM

Re: Unexpected error in cf_cert

Jump to solution

Thanks sliedl for assisting me.

I restarted the firewall and the changes on admin console go back to save.

Best regards!

0 Kudos
Reply
8 Replies
sliedl
sliedl
Level 14
Report Inappropriate Content
Message 2 of 9
‎11-05-2015 11:59 AM

Re: Unexpected error in cf_cert

Jump to solution

I think what you did was enter a DN wrong on one of your certificates (if you don't put 'CN=' at the beginning of the DN the firewall will still save it but the VPN code will error out on the cert).

You can run this command for a quick output of your certs and their DN outputs to see if you can spot which one does not begin with 'CN=':

cf -TK name,dn cert q client

0 Kudos
Reply
danubio
danubio
Level 8
Report Inappropriate Content
Message 3 of 9
‎11-06-2015 04:16 AM

Re: Unexpected error in cf_cert

Jump to solution

thanks for your answer sliedl.

command output:

command.png

DN outputs are ok i think. what do you think?

0 Kudos
Reply
sliedl
sliedl
Level 14
Report Inappropriate Content
Message 4 of 9
‎11-09-2015 12:29 PM

Re: Unexpected error in cf_cert

Jump to solution

I agree, I don't see any problems with those DNs.  Run the same command except now it's for the Firewall Certificates and not the Remote/client Certificates (replace 'client' with 'fw' in the same command, at the end):

cf -TK name,dn cert q fw

0 Kudos
Reply
danubio
danubio
Level 8
Report Inappropriate Content
Message 5 of 9
‎11-10-2015 04:06 AM

Re: Unexpected error in cf_cert

Jump to solution

Thanks a lot for your help again sliedl.

Command output:

DN outputs for the Firewall Certificates its ok.

Observing the error message "TSWGenericError: TSWGenericError: genkey error: import: failed to update database entry with key values

algorithm: rsa", is there any command to verify the firewall database integrity?

0 Kudos
Reply
sliedl
sliedl
Level 14
Report Inappropriate Content
Message 6 of 9
‎11-10-2015 11:49 AM

Re: Unexpected error in cf_cert

Jump to solution

Oh wait, I know which cert area this is now.


Run this command (do not paste the results back here):

cf -TK name,dn cert q id

In the 'dn' column that shows up you'll see one of the Remote Identities has some string for the DN and it should be cn=some string.  You can edit this DN string under the Remote Identities tab in the Certificate Management page and just add cn= to the beginning of the string and Save it.

0 Kudos
Reply
danubio
danubio
Level 8
Report Inappropriate Content
Message 7 of 9
‎11-11-2015 05:37 AM

Re: Unexpected error in cf_cert

Jump to solution

Thanks again.

The command output is empty, and i tried to create a new Remote Identity but i am still unable to save because of error in cf_cert:

name dn

---- --

0 Kudos
Reply
sliedl
sliedl
Level 14
Report Inappropriate Content
Message 8 of 9
‎11-11-2015 09:31 AM

Re: Unexpected error in cf_cert

Jump to solution

I suggest calling into Support so we can see your configuration over a remote session.

0 Kudos
Reply
danubio
danubio
Level 8
Report Inappropriate Content
Message 9 of 9
‎11-23-2015 05:29 AM

Re: Unexpected error in cf_cert

Jump to solution

Thanks sliedl for assisting me.

I restarted the firewall and the changes on admin console go back to save.

Best regards!

0 Kudos
Reply
More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator

    • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community


    Corporate Headquarters
    2821 Mission College Blvd.
    Santa Clara, CA 95054 USA

    Consumer Support   |   Enterprise Support   |   McAfee.com

    Legal   |   Privacy   |   Copyright © 2019 McAfee, LLC