Policy installation fails on a specific VS with "Internal SSL authentication SSL error [ Unknown ]" error
Symptoms
  • Policy installation fails on a specific VS with "Internal SSL authentication SSL error [ Unknown ]" error.

  • Extending the error window shows:
    "the following certificate on gateway "xxxxx_vs" has already expired:
    1. DN:=CN=vs_name VPN certificate,O=<Main_Cma_name>, expiration date <day> <month> <time> <year>

  • Checking SIC communication shows that SIC is communicating with the VS.

  • The output of '# vsx stat -v' shows that "Trust" is established on the VS.

  • Resetting SIC works, but the issue is not resolved.

  • FWM debug shows:
    [FWM PID]@MGMT[DATE TIME] SIC Error for amon: Authentication error
    [FWM PID]@MGMT[DATE TIME] opsec_auth_client_connected: connect failed (147)
    [FWM PID]@MGMT[DATE TIME] opsec_auth_client_connected: SIC Error for amon: Authentication error

  • Strangely, CPD debug does not show any activity related to the SIC reset request while in debug mode during this scenario.

  • The certificate for the VS is "Expired" on the relevant Main_CMA for this VS. As noted above, resetting SIC does not change this state.

  • The SIC certificate is valid on both sides (CMA/Management server and VSX).

Cause

A VPN certificate was once issued to the VS in question and was never removed. However, the IPSECVPN checkbox was unchecked, so the certificate became "invisible".


Solution