This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

RSA enVision® Discussions

Browse the RSA enVision discussion board to get product help and collaborate with other users of RSA enVision.
RSAAdmin
Beginner
Beginner
‎2008-08-13 10:04 AM

Certificate error when setting up Checkpoint box

Hey folks,

I'm trying to add a new Checkpoint box to report into our Envision setup.  We decided to go with SSLCA authentication, so I made it to the point where the following command needs to be run from the LC:

 

OPSEC_pull_cert –h 192.168.1.1 –p password –n enVision_OPSEC

 

However, after running that command, I get the following error:

 

Opsec error. rc=-1 err=-93 The referred entity does not exist in the Certificate Authority.

 

 I was able to add a second Checkpoint box fine using this same method, but for some reason, this particular one is being troublesome.


Any ideas as to what could be causing this error?

Thanks!
Bash

 

 

0 Likes
Reply
3 Replies
RSAAdmin
Beginner
Beginner
‎2008-08-14 03:59 PM

Not sure what was happening, but we erased the offending Checkpoint box from Envision, along with all folders and existing settings.  We also blew away all SIC settings on the Checkpoint box and re-created everything from scratch.  After that, I was able to use the opsec command mentioned earlier to pull down the certificate successfully.
Message Edited by bashiri on08-14-200804:00 PM
0 Likes
Reply
JeffHermans
Beginner
Beginner
‎2009-10-08 04:01 PM

I am receiving the same error and found Solution ID a36558 on RSA's SecureCare Online Knowledgebase, but it doesn't actually tell you how to fix the issue. In my case it says that the cause is "The SIC communication with the adapter is already in the ''Trust established'' mode."

 

Anyone know how to fix the fact that the adapter is already in the "Trust established" mode?  I have 2 other Check Point systems setup and working properly but repeating the process on this third one is failing. I have it configured with:

 

  • Authentication connection:  NG Server Authentication
  • Authentication type:  sslca 

Thanks in advance!
0 Likes
Reply
JeffHermans
Beginner
Beginner
In response to JeffHermans
‎2009-10-09 05:56 PM

Solution Follow-Up:

Our firewall admin reset the SIC on the Check Point firewall and installed policy to apply the change. That fixed it on the enVision side so I was able to run the OPSEC_pull_cert properly.

0 Likes
Reply
© 2020 RSA Security LLC or its affiliates.
All rights reserved.