
Unexpected error in cf_cert


I received this error (print below) after trying to save changes on the admin console while I was trying to resolve a VPN problem. I don't know what is causing this error.

vpnerror.png

Any suggestions?

**Sorry for my English if I wrote something wrong, ok?**

1 Solution

Accepted Solutions

Re: Unexpected error in cf_cert


Thanks sliedl for assisting me.

I restarted the firewall and changes on the admin console can be saved again.

Best regards!

8 Replies
sliedl
Level 14
Message 2 of 9

Re: Unexpected error in cf_cert


I think what you did was enter a DN wrong on one of your certificates (if you don't put 'CN=' at the beginning of the DN the firewall will still save it but the VPN code will error out on the cert).

You can run this command for a quick output of your certs and their DN outputs to see if you can spot which one does not begin with 'CN=':

cf -TK name,dn cert q client

Re: Unexpected error in cf_cert


Thanks for your answer, sliedl.

Command output:

command.png

The DN outputs are OK, I think. What do you think?

sliedl
Level 14
Message 4 of 9

Re: Unexpected error in cf_cert


I agree, I don't see any problems with those DNs.  Run the same command except now it's for the Firewall Certificates and not the Remote/client Certificates (replace 'client' with 'fw' in the same command, at the end):

cf -TK name,dn cert q fw

Re: Unexpected error in cf_cert


Thanks a lot for your help again sliedl.

Command output:

The DN outputs for the Firewall Certificates are OK.

Observing the error message "TSWGenericError: TSWGenericError: genkey error: import: failed to update database entry with key values

algorithm: rsa", is there any command to verify the firewall database integrity?

sliedl
Level 14
Message 6 of 9

Re: Unexpected error in cf_cert


Oh wait, I know which cert area this is now.


Run this command (do not paste the results back here):

cf -TK name,dn cert q id

In the 'dn' column that shows up you'll see one of the Remote Identities has some string for the DN and it should be cn=some string.  You can edit this DN string under the Remote Identities tab in the Certificate Management page and just add cn= to the beginning of the string and Save it.
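
The check described in the replies above (reading the `dn` column for an entry that does not begin with `CN=`) can be scripted as a filter over the command output. This is an added example, not part of the original thread or the vendor's tooling; the column layout is assumed from the `name dn` header shown in the thread, and the sample rows are constructed.

```shell
#!/bin/sh
# Added example: list certificate entries whose DN does not begin with "CN=".
# Assumed layout (from the "name dn" header in the thread): a header row, a
# dashed separator, then one row per entry, with the name as the first
# whitespace-delimited field and the DN as the rest of the line.

# Reads a `cf -TK name,dn cert q <area>` table on stdin and prints
# "name<TAB>dn" for every row whose DN lacks the CN= prefix.
find_bad_dns() {
    awk '
        NF == 0                               { next }  # blank line
        NF == 2 && $1 == "name" && $2 == "dn" { next }  # header row
        $0 ~ /^[- \t]+$/                      { next }  # dashed separator
        {
            name = $1
            dn = $0
            sub(/^[ \t]*[^ \t]+[ \t]*/, "", dn)         # drop the name column
            if (dn == "") {
                printf "%s\t(no DN)\n", name
            } else if (tolower(dn) !~ /^cn=/) {         # accept CN= or cn=
                printf "%s\t%s\n", name, dn
            }
        }
    '
}

# Constructed sample output; names and DNs are made up for illustration.
sample_table() {
    cat <<'EOF'
name        dn
----        --
branch_gw   CN=branch-gw.example.test,O=Example
hq_peer     cn=hq-peer.example.test
old_laptop  laptop7.example.test
EOF
}

sample_table | find_bad_dns    # prints: old_laptop<TAB>laptop7.example.test

# On the firewall, the same filter can be fed by the commands from the thread:
#   for area in client fw id; do cf -TK name,dn cert q "$area" | find_bad_dns; done
```

An empty result for all three areas means no DN is missing the prefix, which is the situation the original poster ended up in.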

Re: Unexpected error in cf_cert


Thanks again.

The command output is empty, and I tried to create a new Remote Identity, but I am still unable to save because of the error in cf_cert:

name dn

---- --

sliedl
Level 14
Message 8 of 9

Re: Unexpected error in cf_cert


I suggest calling into Support so we can see your configuration over a remote session.

