- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
02-06-2017 09:32 AM - edited 02-06-2017 10:14 AM
Hello,
When trying to renew some certificates (already expired and signed by a internal windows server) we receive the error message below:
"Failed to write issuer certificate to disk"
This is a VM-100 model
We have other boxes (PA200 and 3020) with the same scenario (certificates signed by windows server and uploaded to PA box) that can be renewed without any problem...
Does anyone has ever faced that problem ?
02-22-2017 02:21 AM
Exact same situation and symptoms here, with two exceptions:
The problem smells of lack of disk space, but computer says no:
> show system disk-space Filesystem Size Used Avail Use% Mounted on /dev/sda3 3.8G 2.7G 932M 75% / /dev/sda5 7.6G 3.4G 3.9G 47% /opt/pancfg /dev/sda6 3.8G 1.6G 2.0G 45% /opt/panrepo tmpfs 1.9G 116M 1.8G 7% /dev/shm /dev/sda8 90G 63G 22G 75% /opt/panlogs
Anyone figure this out yet?
P.S. To give this thread better Google juice, the correct text of the error message is:
Failed to write issuer certificate components to disk
09-15-2017 12:27 PM
@MHamad wrote:Just faced the same issue. I faced it immediately after an upgrade from 7.0.x to 7.1.11 running on PA-3050's
Anyone contacted TAC for this?
Panorama stopped an updated firewall from checking its own certs:
Summary of web Session and Phone conversation:
-Checked certificate and found that it was not showing with key
-As cert was not with key so we can not use this cert in SSL/TLS profile
-So generate another certificate on firewall and get it signed by CSR
-Imported new cert and we are able to use imported cert in the SSL/TLS profile
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!