This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Error when trying to renew certificate "Failed to write issuer certificate to disk"

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Error when trying to renew certificate "Failed to write issuer certificate to disk"

FabioGarcia
L3 Networker

‎02-06-2017 09:32 AM - edited ‎02-06-2017 10:14 AM

Hello,

 

When trying to renew some certificates (already expired and signed by a internal windows server) we receive the error message below:

 

"Failed to write issuer certificate to disk"

 

2017-02-06.png

 

This is a VM-100 model

We have other boxes (PA200 and 3020) with the same scenario (certificates signed by windows server and uploaded to PA box) that can be renewed without any problem...

 

Does anyone has ever faced that problem ?

 

 

8 people had this problem.
0 Likes Likes
3 REPLIES 3

jlb
L0 Member

‎02-22-2017 02:21 AM

Exact same situation and symptoms here, with two exceptions:

  • our SubCA cert hasn't expired yet
  • the Palo Alto box in question is a PA-3020

 

The problem smells of lack of disk space, but computer says no:

 

> show system disk-space

Filesystem            Size  Used Avail Use% Mounted on
/dev/sda3             3.8G  2.7G  932M  75% /
/dev/sda5             7.6G  3.4G  3.9G  47% /opt/pancfg
/dev/sda6             3.8G  1.6G  2.0G  45% /opt/panrepo
tmpfs                 1.9G  116M  1.8G   7% /dev/shm
/dev/sda8              90G   63G   22G  75% /opt/panlogs

 

Anyone figure this out yet?

 

 

P.S. To give this thread better Google juice, the correct text of the error message is:

 

Failed to write issuer certificate components to disk

 

0 Likes Likes

MHamad
L2 Linker

‎09-15-2017 08:09 AM

Just faced the same issue. I faced it immediately after an upgrade from 7.0.x to 7.1.11 running on PA-3050's

 

Anyone contacted TAC for this?

0 Likes Likes

EuJones
L0 Member
In response to MHamad

‎09-15-2017 12:27 PM

@MHamad wrote:

Just faced the same issue. I faced it immediately after an upgrade from 7.0.x to 7.1.11 running on PA-3050's

 

Anyone contacted TAC for this?


Panorama stopped an updated firewall from checking its own certs:

 

Summary of web Session and Phone conversation:

-Checked certificate and found that it was not showing with key
-As cert was not with key so we can not use this cert in SSL/TLS profile 
-So generate another certificate on firewall and get it signed by CSR 
-Imported new cert and we are able to use imported cert in the SSL/TLS profile 

0 Likes Likes
  • 7136 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks