Certificate failed to load


L2 Linker

Hi all,

We have two PA-4060 in active/passive mode with PAN-OS 4.1.12 (I know, old..).

Yesterday, after rebooting the passive device, auto commit failed with:

Error: Certificate 'XYZ' failed to load: failed to parse key

and the device went to a not-ready state.

After deleting the problematic certificate and with commit force, the device became functional again.

We then tried to synchronize the configurations manually, but HA-Sync failed with the same error:

Error: Certificate 'XYZ' failed to load: failed to parse key

The last time the device was rebooted in March 2014 without problems and with the now problematic certificate on it.

Does anyone have any solution why this error occurred?

Thanks and regards,

Vesna.

4 REPLIES

L1 Bithead

Hi Vesna,

1. upgrade

2. It looks like your certificate isn't supported: What's the key size and signature algorithm of the certificate?

What is the certificate used for on your PA?

-> try to use a certificate that has the same options as the ones you get when creating a certificate on the PA itself.

Regards,

Tijl

We are actually seeing similar behaviour on Pan 6.1.2 on our PA-3020s. We try to sync from the primary to the secondary and it fails with that same error. It has caused us no end of problems because, effectively, the only way for us to get the sync to work is to remove the global protect configuration which makes use of the certificates and then delete the certificates. I'm wondering if anyone else has seen this and has an idea of why it may be happening?

Tijl, thank you for the answer. Yes, I agree that an upgrade is a must.

According to the information I received from the user, the signature algorithm is SHA1RSA and the public key size is 2048.

It's funny that this error did not occur the last time the device was rebooted, and it is a mystery why it happened this time.

Smells like a bug :)
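An added example, not from any poster in this thread or from Palo Alto Networks: checking off-box with `openssl` that a private key parses and belongs to its certificate, and reading the key size and signature algorithm Tijl asks about. The function names, file names and the throwaway self-signed pair are assumptions constructed for the demo, and an unencrypted PEM key is assumed.

```shell
#!/bin/sh
# Added example: pre-import checks on a certificate and its private key.

# Succeeds only if the private key file parses (unencrypted PEM assumed).
key_parses() {
    openssl pkey -in "$1" -noout -passin pass: >/dev/null 2>&1
}

# Public key size in bits, as printed by "openssl x509 -text".
cert_key_bits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p' | head -n 1
}

# Signature algorithm name, e.g. sha1WithRSAEncryption.
cert_sig_alg() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/^ *Signature Algorithm: *//p' | head -n 1
}

# Succeeds only if the key's public half equals the certificate's public key.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout -passin pass: 2>/dev/null) || return 1
    [ "$cert_pub" = "$key_pub" ]
}

# Constructed sample input: a throwaway self-signed pair plus a truncated key.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 1 \
    -subj "/CN=example.invalid" \
    -keyout "$demo_dir/key.pem" -out "$demo_dir/cert.pem" >/dev/null 2>&1
head -n 5 "$demo_dir/key.pem" > "$demo_dir/truncated.pem"

for k in key.pem truncated.pem; do
    if ! key_parses "$demo_dir/$k"; then
        echo "$k: private key does not parse"
    elif ! key_matches_cert "$demo_dir/cert.pem" "$demo_dir/$k"; then
        echo "$k: parses but does not match the certificate"
    else
        echo "$k: ok, $(cert_key_bits "$demo_dir/cert.pem") bit," \
             "$(cert_sig_alg "$demo_dir/cert.pem")"
    fi
done
```

A pair that passes these checks is well-formed as far as OpenSSL is concerned; a device may still reject it for reasons of its own.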
