Failure to Delete a Certificate

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Failure to Delete a Certificate

L3 Networker

PA-200

PAN 6.01


I imported a certificate, but failed to do something correctly.  I wanted to delete the cert, and start over.  When I select the certificate 'ServicesVPN' and click Delete I'm told ...

   1- Failed to delete Certificate - ServicesVPN.

  ° ServicesVPN cannot be deleted because of references from:

  ° deviceconfig -> system -> syslog-certificate

I'm at a bit of a loss where to system > syslog-certificate reference is.  Help ...

1 accepted solution

Accepted Solutions

bdunbar


Could you please try the following command from CLI:

delete deviceconfig system syslog-certificate

Then try the commit and see if that succeeds.

Thanks

View solution in original post

12 REPLIES 12

L5 Sessionator

Hi bdunbar

I think your syslog server profile (Device > Server Profiles > Syslog) must have the transport method set as SSL, that's why the above error.

Try changing/deleting the above and it should fix the issue

Thanks

Nope - nothing there.  This is a new install, new infrastructure: I haven't pointed it at the syslog server yet.

Hello bdunbar,

If you are using SSL for your syslog connection, then it requires a client certificate. Please make sure that the certificate, which is enabled for "Certificate for Secure Syslog".

The FW will not allow you to delete, since this refers to SYSLOG certificate.

For example:

syslog-cert.jpg

Thanks

bdunbar


Could you please try the following command from CLI:

delete deviceconfig system syslog-certificate

Then try the commit and see if that succeeds.

Thanks

L5 Sessionator

Hi Bdunbar,

If you are trying to delete the cert, then simply uncheck the Syslog option for the cert. Then delete it. It should work. Hope this helps.

Okay ..

admin@PA-200> delete deviceconfig system syslog-certificate

Invalid syntax.

admin@PA-200

It is not checked.

Hello bdunbar,

Could you please go to Device > Certificate Manangement > Certificate and open the certificate and uncheck that option "Certificate for Secure Syslog".

or try this from  CLI: admin@PA-3020# delete deviceconfig system syslog-certificate

Thanks

You will need to go to configuration mode

admin@PA-200> configure

admin@PA-200# delete deviceconfig system syslog-certificate

bdunbar


That command should be run from configuration mode:

admin@PA-200> configure

admin@PA-200# delete deviceconfig system syslog-certificate

Thanks

I think you just missed the configure mode

Have you been able to delete it ?

Once I entered configure mode, deleted the syslog-certificate.  Then the commit ran from GUI, and I was able to delete the 'bad' certificate.

Thanks!

  • 1 accepted solution
  • 6306 Views
  • 12 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!