cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted

Unexpected error in cf_cert

Jump to solution

I received this error (print bellow) after trying to save changes on admin console, while i was trying to resolve a vpn problem. I dont know what is causing this error.

vpnerror.png

Any suggestions?

**Sorry for my english, if i wrote something wrong ok**

1 Solution

Accepted Solutions
Highlighted

Re: Unexpected error in cf_cert

Jump to solution

Thanks sliedl for assisting me.

I restarted the firewall and the changes on admin console go back to save.

Best regards!

View solution in original post

8 Replies
Level 14
Report Inappropriate Content
Message 2 of 9

Re: Unexpected error in cf_cert

Jump to solution

I think what you did was enter a DN wrong on one of your certificates (if you don't put 'CN=' at the beginning of the DN the firewall will still save it but the VPN code will error out on the cert).

You can run this command for a quick output of your certs and their DN outputs to see if you can spot which one does not begin with 'CN=':

cf -TK name,dn cert q client

Highlighted

Re: Unexpected error in cf_cert

Jump to solution

thanks for your answer sliedl.

command output:

command.png

DN outputs are ok i think. what do you think?

Highlighted
Level 14
Report Inappropriate Content
Message 4 of 9

Re: Unexpected error in cf_cert

Jump to solution

I agree, I don't see any problems with those DNs.  Run the same command except now it's for the Firewall Certificates and not the Remote/client Certificates (replace 'client' with 'fw' in the same command, at the end):

cf -TK name,dn cert q fw

Highlighted

Re: Unexpected error in cf_cert

Jump to solution

Thanks a lot for your help again sliedl.

Command output:

DN outputs for the Firewall Certificates its ok.

Observing the error message "TSWGenericError: TSWGenericError: genkey error: import: failed to update database entry with key values

algorithm: rsa", is there any command to verify the firewall database integrity?

Highlighted
Level 14
Report Inappropriate Content
Message 6 of 9

Re: Unexpected error in cf_cert

Jump to solution

Oh wait, I know which cert area this is now.


Run this command (do not paste the results back here):

cf -TK name,dn cert q id

In the 'dn' column that shows up you'll see one of the Remote Identities has some string for the DN and it should be cn=some string.  You can edit this DN string under the Remote Identities tab in the Certificate Management page and just add cn= to the beginning of the string and Save it.

Highlighted

Re: Unexpected error in cf_cert

Jump to solution

Thanks again.

The command output is empty, and i tried to create a new Remote Identity but i am still unable to save because of error in cf_cert:

name dn

---- --

Highlighted
Level 14
Report Inappropriate Content
Message 8 of 9

Re: Unexpected error in cf_cert

Jump to solution

I suggest calling into Support so we can see your configuration over a remote session.

Highlighted

Re: Unexpected error in cf_cert

Jump to solution

Thanks sliedl for assisting me.

I restarted the firewall and the changes on admin console go back to save.

Best regards!

View solution in original post

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community