Juniper SRX certificate 'aamw-srx-cert': certificate does not exist
error: certificate 'aamw-srx-cert': certificate does not exist .
error: trusted-ca 'aamw-cloud-ca' does not exist!
error: trusted-ca 'aamw-secintel-ca' does not exist!
Error:
{primary:node0}[edit]
root# commit and-quit
[edit security pki]
'ca-profile aamw-secintel-ca'
Missing mandatory statement: 'ca-identity'
[edit security pki]
'ca-profile aamw-cloud-ca'
Missing mandatory statement: 'ca-identity'
error: commit failed: (missing mandatory statements)
FIX:
{primary:node0}[edit]
root# delete security pki
{primary:node0}[edit]
root# commit and-quit
warning: You have changed enhanced services mode.
You must reboot the system for your change to take effect.
If you have deployed a cluster, be sure to reboot all nodes.
node0:
commit complete
Exiting configuration mode
Once the node has joined the cluster, sync it with the working SRX; that will update all the certificates.
Location of Certificates
The certificates and key pairs used for IKE negotiations are stored in the following locations:
/var/db/certs/common/key-pair
/var/db/certs/common/local
/var/db/certs/common/certification-authority
If the cert is missing, use WinSCP to copy the /var/db/certs folder.