Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

Unable to delete Certificate

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Unable to delete Certificate

L4 Transporter

Hi

 

I need to delete a certificate from a PA-3050. The certificate is currently EXPIRED. When I try to delete it it says this message

 

     1- Failed to delete Certificate - MYCOMPANYWildcard 2014-2017-FOR_DELETION.
  °  MYCOMPANY Wildcard 2014-2017-FOR_DELETION cannot be deleted because of references from:
  °  ssl-tls-service-profile -> MYCOMPANYWildcard 2014-2017-ssl-tls-service-profile -> certificate

 

In Device-Certificate Management-SSL/TLS Service Profile doesn't appear it.  i download a copy of the current running config and it appear,

 

<ssl-tls-service-profile>
<entry name="MYCOMPANYWildcard 2014-2017-ssl-tls-service-profile">
<certificate>MYCOMPANYWildcard 2014-2017-FOR_DELETION</certificate>
<protocol-settings/>
</entry>
</ssl-tls-service-profile>

 

but I don't know where could it be. Do anybody knows where could it be?

 

best Regards

 

P.D

I also try to revoke it but appear this message "Certificate is not locally issued."

 

7 REPLIES 7

L7 Applicator

If you can see the certificate inside of Device > Certificate Management > Certificates

But you cannot delete it.. question.. if you can click on the certificate to get more information.. what is checked?

 

Also, inside of the CLI, you should be able to list out:

> show shared ssl-decrypt

 

it should show you all of your certificates who have some form or fashion of being associated with ssl-decrypt.

 

You can run this command from the CLI to get it removed:

 

> configure
> delete shared ssl-decrypt trusted-root-CA 123Test
  (where 123Test was the name of the cert in question)

LIVEcommunity team member
Stay Secure,
Joe
Don't forget to Like items if a post is helpful to you!

Hi. 

 

There are the questions for your answer.

 

1. if you can click on the certificate to get more information.. what is checked?. There is nothing checked.

 

2. acuntia@FW2(active)# show shared ssl-decrypt
ssl-decrypt {
ssl-exclude-cert;
forward-untrust-certificate "Forward untrust";
forward-trust-certificate SSL_Decrypt;
}
[edit]
acuntia@FW2(active)# 

 

 

3. I try to delete, option "shared" now appears but I have this output (see attachment"

Ssl-certificate.png

 

best regards

Hi. 

 

Still impossible to delete the certificate. Anybody knows what could be happening?

 

best regards

i also tried to delete cert no luck

 

 

MP

Help the community: Like helpful comments and mark solutions.

@MP18,

In instances like this I would simply put a lock on the configuration, export the candidate-config.xml on the device and manually remove the certificate from the XML file. You can then import and load the configuration.

 

First I deleted the cert from the CLI it got deleted but GUI  still shows cert.

Then i was able to delete it from the GUI also.

MP

Help the community: Like helpful comments and mark solutions.

Also, if not stated before, any cert that you are trying to delete cannot be "in use" in the config, or  you will not be able to delete it.

LIVEcommunity team member
Stay Secure,
Joe
Don't forget to Like items if a post is helpful to you!
  • 23075 Views
  • 7 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!