无法推送到设备Panorama由于以下错误:“找不到证书的完整证书链,无法加载:无法解析密钥”

无法推送到设备Panorama由于以下错误:“找不到证书的完整证书链,无法加载:无法解析密钥”

28276
Created On 01/28/22 16:38 PM - Last Modified 03/02/23 06:03 AM


Symptom


在帕洛阿尔托网络防火墙之间执行配置迁移时,从推送到设备Panorama可能会失败并出现以下错误:

Log Analysis:
Warning: No Valid DNS Security License
vsys1
Warning: cannot find complete certificate chain for certificate 'generic certificate'
Error: Certificate 'generic certificate' failed to load: failed to parse key
Error loading vsys cfg
failed to handle CONFIG_UPDATE_START
(Module: device)
client device phase 1 failure
Commit failed

Environment


  • 帕洛阿尔托Firewall迁移自PA-220到 PA-460
  • PAN-OS 10.1.3
  • Firewall 被管理Panorama.

Resolution


  1. 验证提交错误Panorama识别被推送到的证书Firewall.
  2. 在Panorama, 去模板 > 设备 > 证书管理 > 证书找到被推送的证书。
  3. 使用新私钥重新部署新证书。
  4. 确保将此新证书应用于与旧证书相同的参考资料和策略,否则会出现其他错误。

Additional Information


生成证书
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000oN5OCAU&lang=zh_CN&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language