Re: [FW1] Cert isn't displayed after fw internalca?

Fri, 08 Dec 2000 14:04:17 -0800 


To make this work you must have close the GUI.  Perform an fwstop on the firewall
and management server.  Perform the fw internalca command and then the fwstart.  Not
performing the fwstop first will ensure it will not work  Leaving the GUI open and
then performing fwstop crashes the GUI and prevents the creation of the cert
impossible.

Also the correct command format is (performed on management server):
fw internalca create -dn "o=company, c=us" -force
fw internalca certify fw_object (Force should not be necessary on this line because
the previous force wiped out everything.  Note line doesn't contain "o=company,
c=us")

cameron.



Dan Hitchcock wrote:

> This has been buggy for me as well.  I have had success with forcibly
> re-creating the cert (add -force at the end of the internalca create line,
> using the same dn as the original cert), then cycling the service using the
> NT control panel.  Not sure if something similar would do the trick on *nix.
>
> Dan Hitchcock
> CCNA, MCSE
> Network Engineer
> Xylo, Inc.
> 425.456.3970
> The work/life solution for corporate thought leaders
>
> -----Original Message-----
> From: Jeff Newton [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, December 06, 2000 11:19 AM
> To: [EMAIL PROTECTED]
> Subject: [FW1] Cert isn't displayed after fw internalca?
>
> >fwstop
> >cd $FWDIR/bin
> >fw internalca create -dn "o=whatever, c=com"
> >fw internalca certify -o fw_object "o=whatever, c=com"
>
> Anyone know why the cert wouldn't show up in the cert tab of the fw
> object after the above is done?
>
> Cheers,
>
> ----
> Jeff Newton
>
> ============================================================================
> ====
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
> ============================================================================
> ====
>
> ================================================================================
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
> ================================================================================



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Reply via email to