Palo Alto Networks Knowledgebase: System or Commit Error: Key generation operation failed - RSA""

System or Commit Error: Key generation operation failed - RSA""

1522
Created On 02/07/19 23:46 PM - Last Updated 02/07/19 23:46 PM
Policy
Resolution

Issue

The following error appears after a commit or a high severity system log event:

Key generation operation failed - RSA.

Detail of system event:
domain: 1
receive_time: 2014/11/11 09:13:53
serial: 012345678
seqno: 11128
actionflags: 0x0
type: SYSTEM
subtype: general
config_ver: 0
time_generated: 2014/11/11 09:13:53
vsys: vsys1
eventid: general
object:
fmt: 0
id: 0
module: general
severity: high
opaque: Key generation operation failed - RSA

 

Cause

This error only appears when FIPS (Federal Information Processing Standards 140-2) mode is enabled and:

  • Any certificates included inside of that config are 1024 bits or less
  • SSH key-based authentication is set to 1024 bits or less for Admin logins

 

This error is only a notification that the certificates are not FIPS compliant, but they are not service impacting.

 

Per the Admin Guide, requirements when enabling FIPS mode:

  • Self-generated and imported certificates must contain public keys that are 2048 bits or higher.
  • SSH key-based authentication must use RSA public keys that are 2048 bits or higher.

 

Resolution

Any certificates that are inside of the configuration, used or not, need to match the FIPS requirements. Any certificates or SSH Key based authentication need to be 2048 bit or higher.

 

Contact Palo Alto Networks Support if any assistance is needed to resolve this issue.

 

owner: jdelio



Attachments
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClquCAC&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Attachments
Choose Language