Hardware: PA220
Version: 10.1.5-h1
I'm trying to use a certificate that appears to be having issues. I first noticed the issue when I attempted to create a certificate profile using a trust root CA. When I try to create the profile, it fails to create and has error message "CA -> *CA NAME* is invalid -> CA is invalid".
I then went to explore the certificate, first making sure the checkbox to trust the certificate was clicked. When I made this change and committed the change, nothing happened.
This is when I decided to delete the certificate and start fresh. When I try to delete the certificate, it has error message "Failed to delete certificate *CA NAME* - Invalid Location / Permission Denied"
Well, I'm signed in as an admin account, so permission can't be accurate. I jumped into the CLI and used command 'request certificate show' to see what might be happening.
The certificate in question was listed, and the correct information was there, but this is where it's a little strange. The certificate actually had two names. The first name was from another certificate that isn't experiencing issues. The second name was the correct name.
I decided to remove the other certificate to see if that would fix anything (this certificate wasn't being used, so removing it was fine). This didn't actually fix anything, but it did remove the second name from the certificate when I perform that command again.
I tried uploading the certificate again, which was successful, but didn't resolve the issue. The original certificate is still there with problems. Now the FW reports a duplicate certificate any time I make changes. Also, when I try to import certificates signed by this CA, those certs are listed under the problem certificate. I'm not entirely sure what's happening here, but it is affecting the use of certain certificates.
I recently upgraded my FW from version 10.0.9 to 10.1.5-h1. Not sure if that could be the issue, but this problem only occurred after the upgrade.
... View more