09-24-2014 02:05 PM
PA-200
PAN 6.01
I imported a certificate, but failed to do something correctly. I wanted to delete the cert, and start over. When I select the certificate 'ServicesVPN' and click Delete I'm told ...
1- Failed to delete Certificate - ServicesVPN.
° ServicesVPN cannot be deleted because of references from:
° deviceconfig -> system -> syslog-certificate
I'm at a bit of a loss where to system > syslog-certificate reference is. Help ...
09-24-2014 02:23 PM
Could you please try the following command from CLI:
delete deviceconfig system syslog-certificate
Then try the commit and see if that succeeds.
Thanks
09-24-2014 02:10 PM
Hi bdunbar
I think your syslog server profile (Device > Server Profiles > Syslog) must have the transport method set as SSL, that's why the above error.
Try changing/deleting the above and it should fix the issue
Thanks
09-24-2014 02:13 PM
Nope - nothing there. This is a new install, new infrastructure: I haven't pointed it at the syslog server yet.
09-24-2014 02:21 PM
Hello bdunbar,
If you are using SSL for your syslog connection, then it requires a client certificate. Please make sure that the certificate, which is enabled for "Certificate for Secure Syslog".
The FW will not allow you to delete, since this refers to SYSLOG certificate.
For example:
Thanks
09-24-2014 02:23 PM
Could you please try the following command from CLI:
delete deviceconfig system syslog-certificate
Then try the commit and see if that succeeds.
Thanks
09-24-2014 02:25 PM
Hi Bdunbar,
If you are trying to delete the cert, then simply uncheck the Syslog option for the cert. Then delete it. It should work. Hope this helps.
09-24-2014 02:32 PM
Okay ..
admin@PA-200> delete deviceconfig system syslog-certificate
Invalid syntax.
admin@PA-200
09-24-2014 02:36 PM
Hello bdunbar,
Could you please go to Device > Certificate Manangement > Certificate and open the certificate and uncheck that option "Certificate for Secure Syslog".
or try this from CLI: admin@PA-3020# delete deviceconfig system syslog-certificate
Thanks
09-24-2014 02:37 PM
You will need to go to configuration mode
admin@PA-200> configure
admin@PA-200# delete deviceconfig system syslog-certificate
09-24-2014 02:37 PM
That command should be run from configuration mode:
admin@PA-200> configure
admin@PA-200# delete deviceconfig system syslog-certificate
Thanks
09-25-2014 06:44 AM
I think you just missed the configure mode
Have you been able to delete it ?
09-25-2014 09:09 AM
Once I entered configure mode, deleted the syslog-certificate. Then the commit ran from GUI, and I was able to delete the 'bad' certificate.
Thanks!
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
