This would NOT work until I removed IKE encryption from the fw object
and did a policy reload.
Cheers,
>To make this work you must have close the GUI. Perform an fwstop on
the firewall
>and management server. Perform the fw internalca command and then
the fwstart. Not
>performing the fwstop first will ensure it will not work Leaving the
GUI open and
>then performing fwstop crashes the GUI and prevents the creation of
the cert
>impossible.
>
>Also the correct command format is (performed on management server):
>fw internalca create -dn "o=company, c=us" -force
>fw internalca certify fw_object (Force should not be necessary on
this line because
>the previous force wiped out everything. Note line doesn't contain
"o=company,
>c=us")
>
>cameron.
>
>
>
>Dan Hitchcock wrote:
>
>> This has been buggy for me as well. I have had success with
forcibly
>> re-creating the cert (add -force at the end of the internalca
create line,
>> using the same dn as the original cert), then cycling the service
using the
>> NT control panel. Not sure if something similar would do the trick
on *nix.
>>
>> Dan Hitchcock
>> CCNA, MCSE
>> Network Engineer
>> Xylo, Inc.
>> 425.456.3970
>> The work/life solution for corporate thought leaders
>>
>> -----Original Message-----
>> From: Jeff Newton [mailto:[EMAIL PROTECTED]]
>> Sent: Wednesday, December 06, 2000 11:19 AM
>> To: [EMAIL PROTECTED]
>> Subject: [FW1] Cert isn't displayed after fw internalca?
>>
>> >fwstop
>> >cd $FWDIR/bin
>> >fw internalca create -dn "o=whatever, c=com"
>> >fw internalca certify -o fw_object "o=whatever, c=com"
>>
>> Anyone know why the cert wouldn't show up in the cert tab of the fw
>> object after the above is done?
>>
>> Cheers,
>>
>> ----
>> Jeff Newton
>>
>>
======================================================================
======
>> ====
>> To unsubscribe from this mailing list, please see the
instructions at
>> http://www.checkpoint.com/services/mailing.html
>>
======================================================================
======
>> ====
>>
>>
======================================================================
==========
>> To unsubscribe from this mailing list, please see the
instructions at
>> http://www.checkpoint.com/services/mailing.html
>>
======================================================================
==========
----
Jeff Newton
Security Analyst
PMC-Sierra Inc.
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
