I think what you did was enter a DN wrong on one of your certificates (if you don't put 'CN=' at the beginning of the DN the firewall will still save it but the VPN code will error out on the cert).
You can run this command for a quick output of your certs and their DN outputs to see if you can spot which one does not begin with 'CN=':
cf -TK name,dn cert q client
I agree, I don't see any problems with those DNs. Run the same command except now it's for the Firewall Certificates and not the Remote/client Certificates (replace 'client' with 'fw' in the same command, at the end):
cf -TK name,dn cert q fw
Thanks a lot for your help again sliedl.
The DN outputs for the Firewall Certificates are OK.
Observing the error message "TSWGenericError: TSWGenericError: genkey error: import: failed to update database entry with key values
algorithm: rsa", is there any command to verify the firewall database integrity?
Oh wait, I know which cert area this is now.
Run this command (do not paste the results back here):
cf -TK name,dn cert q id
In the 'dn' column that shows up you'll see one of the Remote Identities has some string for the DN and it should be cn=some string. You can edit this DN string under the Remote Identities tab in the Certificate Management page and just add cn= to the beginning of the string and Save it.
The command output is empty, and I tried to create a new Remote Identity, but I am still unable to save because of an error in cf_cert:
I suggest calling into Support so we can see your configuration over a remote session.
Thanks sliedl for assisting me.
I restarted the firewall, and changes on the admin console are saving again.