HA (High Availability) synchronization failed and returned the following error:
can't find cert 'ssl_cert' for vsys 0
Symptom
Run the show jobs command to see the job IDs admin@FW02(passive)> show jobs processed Enqueued ID Type Status Result Co -------------------------------------------------------------------- 2014/05/09 12:47:13 10 HA-Sync FIN FAIL 12 2014/05/09 11:59:07 9 HA-Sync FIN FAIL 11 2014/05/09 11:22:23 8 HA-Sync FIN FAIL 11 2014/05/09 11:12:59 7 Content FIN OK 11 2014/05/09 11:12:34 6 Install FIN OK 11 2014/05/09 11:11:22 5 Antivirus FIN OK 11 2014/05/09 11:10:58 4 Install FIN OK 11 2014/05/09 11:10:03 3 Downld FIN OK 11 2014/05/09 10:55:57 2 AutoCom FIN FAIL 10 2014/05/09 10:55:17
Filter on a specific job ID to view the complete error message admin@FW02(passive)> show jobs id 10 Enqueued ID Type Status Result Co -------------------------------------------------------------------- 2014/05/09 12:47:13 10 HA-Sync FIN FAIL 12 Warnings: Details:Error: can't find cert 'ssl_cert' for vsys 0 (Module: device) Commit failed
Resolution
The reason for HA-Sync failure is due to the missing certificate on the passive device.
Follow the steps below to resolve the issue:
Export certificate from the Active firewall and import it into the Passive firewall
Be sure to select the exact same usage for the certificate you just imported.