Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] `fw internalca` certificate creation problem

To: [email protected]
Subject: Re: [FW-1] `fw internalca` certificate creation problem
From: Steve Loughran <[email protected]>
Date: Sat, 8 Jun 2002 12:11:05 +0100
References: <[email protected]>
Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

Many thanks for that, I will give that a go on Monday when I get back to
work. Will there be any strange effects from me recreating the CA on the
management server? Or once I have force recreated the CA, created the certs,
and pushed the policies to all the firewalls, will it just be as if nothing
had really happened?

Steve

----- Original Message -----
From: "Xena Warrior" <[email protected]>
To: <[email protected]>
Sent: Saturday, June 08, 2002 11:13 AM
Subject: Re: [FW-1] `fw internalca` certificate creation problem


> Steve,
>
> you may consider recreating the CA on management
> station with the   -force   option at end of command.
>
> Then try to create individual certificates for the
> external FW modules.
>
> HTH
>
>
> --- Steve Loughran <[email protected]> wrote:
> > Hi all
> >
> > FW-1 3DES v4.1+SP5
> > Solaris 2.6 on management host (plus
> > firewall/enforcement module)
> > Solaris 7 (33 bit) on remaining hosts (firewall
> > modules only)
> >
> > Got a bit of a strange problem here...... The first
> > FW unit i configured (a
> > while back) was a combined management and firewall
> > enforcement unit. I ran
> > the `fw internalca` command to create an internal ca
> > server, and then
> > certified that unit. No problem.
> >
> > Now I need to create certificates for newer firewall
> > units that use the
> > first host as the management host, I cannot get the
> > command to work:
> >
> > as per the CP hybrid mode PDF file:
> >     prompt# fwstop
> >     <shuts down correctly>
> >     prompt# fw internalca certify -o fw-2
> > "o=someorg, c=uk"
> >     failed to create certificate
> >     Unknown problem, rc = -278752792
> >
> > or as per my CP support team recomendation:
> >     prompt# fwstop
> >     <shuts down correctly>
> >     prompt# fw internalca certify -o fw-2 -dn
> > "o=someorg, c=uk"
> >     failed to create certificate
> >     Unknown problem, rc = -278752792
> >
> > $FWDIR and $PATH have all the right details in them.
> >
> > I am assuming that I should be running this command
> > on the management host,
> > but its not working for some reason. Does anyone
> > have any ideas?
> >
> > As always, any help would be greatly appreciated.
> >
> > --
> >
> > Steve
> >
> > -------------------------------------------------
> > Steve Loughran, Network Infrastructure Manager
> > Sony Computer Entertainment Europe (Cambridge)
> > Yamaha YZF1000R Thunderace
> > ICQ#: 12666311 (Work), 104426046 (Laptop)
> > Team Waste - Where do you want to go wrong today?
> >
> > =================================================
> > To set vacation, Out Of Office, or away messages,
> > send an email to [email protected]
> > in the BODY of the email add:
> > set fw-1-mailinglist nomail
> > =================================================
> > To unsubscribe from this mailing list,
> > please see the instructions at
> > http://www.checkpoint.com/services/mailing.html
> > =================================================
> > If you have any questions on how to change your
> > subscription options, email
> > [email protected]
> > =================================================
>
>
> __________________________________________________
> Do You Yahoo!?
> Yahoo! - Official partner of 2002 FIFA World Cup
> http://fifaworldcup.yahoo.com
>
> =================================================
> To set vacation, Out Of Office, or away messages,
> send an email to [email protected]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [email protected]
> =================================================
>

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

Follow-Ups:
- Re: [FW-1] `fw internalca` certificate creation problem
  - From: Xena Warrior <[email protected]>

References:
- Re: [FW-1] `fw internalca` certificate creation problem
  - From: Xena Warrior <[email protected]>

Prev by Date: Re: [FW-1] FP1 problem "Name Already Used!"
Next by Date: Re: [FW-1]
Previous by thread: Re: [FW-1] `fw internalca` certificate creation problem
Next by thread: Re: [FW-1] `fw internalca` certificate creation problem
Index(es):
- Date
- Thread