Failed to delete certificate - Invalid Location / Permission Denied


L2 Linker

Hardware: PA220

Version: 10.1.5-h1

 

I'm trying to use a certificate that appears to be having issues. I first noticed the issue when I attempted to create a certificate profile using a trust root CA. When I try to create the profile, it fails to create and has error message "CA -> *CA NAME* is invalid -> CA is invalid".

 

I then went to explore the certificate, first making sure the checkbox to trust the certificate was clicked. When I made this change and committed the change, nothing happened.

 

This is when I decided to delete the certificate and start fresh. When I try to delete the certificate, it has error message "Failed to delete certificate *CA NAME* - Invalid Location / Permission Denied"

 

Well, I'm signed in as an admin account, so permission can't be accurate. I jumped into the CLI and used command 'request certificate show' to see what might be happening. 

 

The certificate in question was listed, and the correct information was there, but this is where it's a little strange. The certificate actually had two names. The first name was from another certificate that isn't experiencing issues. The second name was the correct name. 

 

I decided to remove the other certificate to see if that would fix anything (this certificate wasn't being used, so removing it was fine). This didn't actually fix anything, but it did remove the second name from the certificate when I performed that command again.

 

I tried uploading the certificate again, which was successful, but didn't resolve the issue. The original certificate is still there with problems. Now the FW reports a duplicate certificate any time I make changes. Also, when I try to import certificates signed by this CA, those certs are listed under the problem certificate. I'm not entirely sure what's happening here, but it is affecting the use of certain certificates.

 

I recently upgraded my FW from version 10.0.9 to 10.1.5-h1. Not sure if that could be the issue, but this problem only occurred after the upgrade.

4 REPLIES

Cyber Elite

I'd try to 'revert to running' so the candidate config is overwritten with what is actually installed on the dataplane. That way, if for some reason something got 'corrupted' in the candidate config XML, the config is fixed.

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

Thanks for the response, however, we're far past that point. This became an issue after upgrading the FW. I believe I'm going to have to downgrade and restore the previously saved config, then try to upgrade again. Maybe I'll remove the cert first. I hoped for a better solution, but I have been unsuccessful. 

L1 Bithead

It could be happening because " ' " has been used in the cert name.

I would recommend removing ' from the cert name, and it should not throw an error again.

@mimran, you may be right with that. I believe the certificate was named Let's Encrypt. I have moved past this issue, but can say I never resolved it. I did upgrade from the PA-220 since then, and do not have this same issue on the new device.
