Failure to Delete a Certificate

Reply
L3 Networker

Failure to Delete a Certificate

PA-200

PAN 6.01


I imported a certificate, but failed to do something correctly.  I wanted to delete the cert, and start over.  When I select the certificate 'ServicesVPN' and click Delete I'm told ...

   1- Failed to delete Certificate - ServicesVPN.

  ° ServicesVPN cannot be deleted because of references from:

  ° deviceconfig -> system -> syslog-certificate

I'm at a bit of a loss where to system > syslog-certificate reference is.  Help ...

bat
L5 Sessionator

Re: Failure to Delete a Certificate

Hi bdunbar

I think your syslog server profile (Device > Server Profiles > Syslog) must have the transport method set as SSL, that's why the above error.

Try changing/deleting the above and it should fix the issue

Thanks

L3 Networker

Re: Failure to Delete a Certificate

Nope - nothing there.  This is a new install, new infrastructure: I haven't pointed it at the syslog server yet.

L7 Applicator

Re: Failure to Delete a Certificate

Hello bdunbar,

If you are using SSL for your syslog connection, then it requires a client certificate. Please make sure that the certificate, which is enabled for "Certificate for Secure Syslog".

The FW will not allow you to delete, since this refers to SYSLOG certificate.

For example:

syslog-cert.jpg

Thanks

Highlighted
bat
L5 Sessionator

Re: Failure to Delete a Certificate

bdunbar


Could you please try the following command from CLI:

delete deviceconfig system syslog-certificate

Then try the commit and see if that succeeds.

Thanks

L5 Sessionator

Re: Failure to Delete a Certificate

Hi Bdunbar,

If you are trying to delete the cert, then simply uncheck the Syslog option for the cert. Then delete it. It should work. Hope this helps.

L3 Networker

Re: Failure to Delete a Certificate

Okay ..

admin@PA-200> delete deviceconfig system syslog-certificate

Invalid syntax.

admin@PA-200

L3 Networker

Re: Failure to Delete a Certificate

It is not checked.

L7 Applicator

Re: Failure to Delete a Certificate

Hello bdunbar,

Could you please go to Device > Certificate Manangement > Certificate and open the certificate and uncheck that option "Certificate for Secure Syslog".

or try this from  CLI: admin@PA-3020# delete deviceconfig system syslog-certificate

Thanks

L5 Sessionator

Re: Failure to Delete a Certificate

You will need to go to configuration mode

admin@PA-200> configure

admin@PA-200# delete deviceconfig system syslog-certificate

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!