SRX

Expand all | Collapse all

SRX 1400 commit error

Jump to Best Answer
  • 1.  SRX 1400 commit error

    Posted 06-14-2018 08:35

    Hello I'm having the following problem when I try to commit changes after configuring any kind of  NAT or while  trying  to modify any Interface. 

     

    Any help would be greatly appreciated 

     

     

    junos error.PNG


    #commiterror


  • 2.  RE: SRX 1400 commit error

    Posted 06-14-2018 11:44

    As the error message says the certificate validation is failing and hence it is not allowing you to commit the config. Most often it is related to the date and timestamp  mentioned in "Not-Before" and "Not-After" section of the certificate.

     

    From CLI, please share the outputs of the following command:

    > show version

    > show system uptime

    > show security pki ca-certificate detail

    > show security pki local-certificate detail

    > show configuration security pki | display set

     

    Thanks,

    Kinshuk

     



  • 3.  RE: SRX 1400 commit error

    Posted 06-14-2018 12:07

    Hello, here are the results from the CLI commands   

     

    Version

    Spoiler
    node0:
    --------------------------------------------------------------------------
    Hostname: XXXXXXXX
    Model: srx1400
    JUNOS Software Release [12.1X47-D25.4]

    node1:
    --------------------------------------------------------------------------
    Hostname: XXXXXXXX
    Model: srx1400
    JUNOS Software Release [12.1X47-D25.4]

    uptime 

    node0:
    --------------------------------------------------------------------------
    Current time: 2018-06-14 13:55:26 COT
    System booted: 2018-03-18 04:12:18 COT (12w4d 09:43 ago)
    Protocols started: 2018-03-18 04:16:44 COT (12w4d 09:38 ago)
    Last configured: 2018-06-13 15:49:02 COT (22:06:24 ago) by admin
    1:55PM up 88 days, 9:43, 3 users, load averages: 0.10, 0.12, 0.12

    node1:
    --------------------------------------------------------------------------
    Current time: 2018-06-14 13:55:26 COT
    System booted: 2018-03-18 04:12:18 COT (12w4d 09:43 ago)
    Last configured: 2018-06-13 15:49:01 COT (22:06:25 ago) by root
    1:55PM up 88 days, 9:43, 0 users, load averages: 0.07, 0.10, 0.03


    show security pki ca-certificate detail 

    node0:
    --------------------------------------------------------------------------

    Certificate identifier: CAs_Trust_4
    Certificate version: 3
    Serial number: 02ac5c266a0b409b8f0b79f2ae462577
    Issuer:
    Organization: DigiCert Inc, Organizational unit: www.digicert.com, Country: US, Common name: DigiCert High Assurance EV Root CA
    Subject:
    Organization: DigiCert Inc, Organizational unit: www.digicert.com, Country: US, Common name: DigiCert High Assurance EV Root CA
    Subject string:
    C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
    Validity:
    Not before: 11-10-2006 00:00 UTC
    Not after: 11-10-2031 00:00 UTC
    Public key algorithm: rsaEncryption(2048 bits)
    30:82:01:0a:02:82:01:01:00:c6:cc:e5:73:e6:fb:d4:bb:e5:2d:2d
    32:a6:df:e5:81:3f:c9:cd:25:49:b6:71:2a:c3:d5:94:34:67:a2:0a
    1c:b0:5f:69:a6:40:b1:c4:b7:b2:8f:d0:98:a4:a9:41:59:3a:d3:dc
    94:d6:3c:db:74:38:a4:4a:cc:4d:25:82:f7:4a:a5:53:12:38:ee:f3
    49:6d:71:91:7e:63:b6:ab:a6:5f:c3:a4:84:f8:4f:62:51:be:f8:c5
    ec:db:38:92:e3:06:e5:08:91:0c:c4:28:41:55:fb:cb:5a:89:15:7e
    71:e8:35:bf:4d:72:09:3d:be:3a:38:50:5b:77:31:1b:8d:b3:c7:24
    45:9a:a7:ac:6d:00:14:5a:04:b7:ba:13:eb:51:0a:98:41:41:22:4e
    65:61:87:81:41:50:a6:79:5c:89:de:19:4a:57:d5:2e:e6:5d:1c:53
    2c:7e:98:cd:1a:06:16:a4:68:73:d0:34:04:13:5c:a1:71:d3:5a:7c
    55:db:5e:64:e1:37:87:30:56:04:e5:11:b4:29:80:12:f1:79:39:88
    a2:02:11:7c:27:66:b7:88:b7:78:f2:ca:0a:a8:38:ab:0a:64:c2:bf
    66:5d:95:84:c1:a1:25:1e:87:5d:1a:50:0b:20:12:cc:41:bb:6e:0b
    51:38:b8:4b:cb:02:03:01:00:01
    Signature algorithm: sha1WithRSAEncryption
    Use for key: CRL signing, Certificate signing, Digital signature
    Fingerprint:
    5f:b7:ee:06:33:e2:59:db:ad:0c:4c:9a:e6:d3:8f:1a:61:c7:dc:25 (sha1)
    d4:74:de:57:5c:39:b2:d3:9c:85:83:c5:c0:65:49:8a (md5)

    Certificate identifier: CAs_Trust_8
    Certificate version: 3
    Serial number: 0a5f114d035b179117d2efd4038c3f3b
    Issuer:
    Organization: DigiCert Inc, Organizational unit: www.digicert.com, Country: US, Common name: DigiCert High Assurance EV Root CA
    Subject:
    Organization: DigiCert Inc, Organizational unit: www.digicert.com, Country: US, Common name: DigiCert High Assurance CA-3
    Subject string:
    C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3
    Validity:
    Not before: 04- 2-2008 12:00 UTC
    Not after: 04- 3-2022 00:00 UTC
    Public key algorithm: rsaEncryption(2048 bits)
    30:82:01:0a:02:82:01:01:00:bf:61:0a:29:10:1f:5e:fe:34:37:51
    08:f8:1e:fb:22:ed:61:be:0b:0d:70:4c:50:63:26:75:15:b9:41:88
    97:b6:f0:a0:15:bb:08:60:e0:42:e8:05:29:10:87:36:8a:28:65:a8
    ef:31:07:74:6d:36:97:2f:28:46:66:04:c7:2a:79:26:7a:99:d5:8e
    c3:6d:4f:a0:5e:ad:bc:3d:91:c2:59:7b:5e:36:6c:c0:53:cf:00:08
    32:3e:10:64:58:10:13:69:c7:0c:ee:9c:42:51:00:f9:05:44:ee:24
    ce:7a:1f:ed:8c:11:bd:12:a8:f3:15:f4:1c:7a:31:69:01:1b:a7:e6
    5d:c0:9a:6c:7e:09:9e:e7:52:44:4a:10:3a:23:e4:9b:b6:03:af:a8
    9c:b4:5b:9f:d4:4b:ad:92:8c:ce:b5:11:2a:aa:37:18:8d:b4:c2:b8
    d8:5c:06:8c:f8:ff:23:bd:35:5e:d4:7c:3e:7e:83:0e:91:96:05:98
    c3:b2:1f:e3:c8:65:eb:a9:7b:5d:a0:2c:cc:fc:3c:d9:6d:ed:cc:fa
    4b:43:8c:c9:d4:b8:a5:61:1c:b2:40:b6:28:12:df:b9:f8:5f:fe:d3
    b2:c9:ef:3d:b4:1e:4b:7c:1c:4c:99:36:9e:3d:eb:ec:a7:68:5e:1d
    df:67:6e:5e:fb:02:03:01:00:01
    Signature algorithm: sha1WithRSAEncryption
    Distribution CRL:
    http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl
    http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl
    Authority Information Access OCSP:
    http://ocsp.digicert.com
    Use for key: CRL signing, Certificate signing, Digital signature
    Fingerprint:
    42:85:78:55:fb:0e:a4:3f:54:c9:91:1e:30:e7:79:1d:8c:e8:27:05 (sha1)
    c6:8b:99:30:c8:57:8d:41:6f:8c:09:4e:6a:db:0c:90 (md5)

    Certificate identifier: CAs_Trust_3
    Certificate version: 3
    Serial number: 08457721d8ac28f3
    Issuer:
    Organization: Google Inc, Country: US, Common name: Google Internet Authority G2
    Subject:
    Organization: Google Inc, Country: US, State: California, Locality: Mountain View, Common name: *.google.com
    Subject string:
    C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.google.com
    Alternate subject: email empty, youtubeeducation.com, ip empty
    Validity:
    Not before: 03-25-2015 15:50 UTC
    Not after: 06-23-2015 00:00 UTC
    Public key algorithm: ecdsaEncryption(256 bits)
    04:0c:7a:9c:89:70:e6:64:31:ad:54:9a:26:c1:8c:f2:01:38:5b:1c
    67:f2:50:ca:83:8f:02:35:4b:30:ef:3e:13:10:22:7f:be:2b:7c:82
    59:8c:03:d2:c5:b0:41:19:00:92:b5:9e:48:f7:2a:12:ac:40:76:ec
    93:2c:c5:cd:16
    Signature algorithm: sha1WithRSAEncryption
    Distribution CRL:
    http://pki.google.com/GIAG2.crl
    Authority Information Access OCSP:
    http://clients1.google.com/ocsp
    Use for key: Digital signature, TLS Web Server Authentication, 1.3.6.1.5.5.7.3.1, TLS Web Client Authentication, 1.3.6.1.5.5.7.3.2
    Fingerprint:
    50:92:e7:91:16:53:cc:fc:f7:97:dc:e9:54:de:94:68:47:88:c0:fa (sha1)
    31:a0:e4:6d:42:20:11:7a:6e:63:b5:d3:32:be:07:1e (md5)

    Certificate identifier: CAs_Trust_6
    Certificate version: 3
    Serial number: 7ee14a6f6feff2d37f3fad654d3adab4
    Issuer:
    Organization: "VeriSign, Organizational unit: VeriSign Trust Network, Organizational unit: "(c) 2006 VeriSign, Country: US,
    Common name: VeriSign Class 3 Public Primary Certification Authority - G5
    Subject:
    Organization: Symantec Corporation, Organizational unit: Symantec Trust Network, Country: US, Common name: Symantec Class 3 EV SSL CA - G3
    Subject string:
    C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 EV SSL CA - G3
    Validity:
    Not before: 10-31-2013 00:00 UTC
    Not after: 10-30-2023 23:59 UTC
    Public key algorithm: rsaEncryption(2048 bits)
    30:82:01:0a:02:82:01:01:00:d8:a1:65:74:23:e8:2b:64:e2:32:d7
    33:37:3d:8e:f5:34:16:48:dd:4f:7f:87:1c:f8:44:23:13:8e:fb:11
    d8:44:5a:18:71:8e:60:16:26:92:9b:fd:17:0b:e1:71:70:42:fe:bf
    fa:1c:c0:aa:a3:a7:b5:71:e8:ff:18:83:f6:df:10:0a:13:62:c8:3d
    9c:a7:de:2e:3f:0c:d9:1d:e7:2e:fb:2a:ce:c8:9a:7f:87:bf:d8:4c
    04:15:32:c9:d1:cc:95:71:a0:4e:28:4f:84:d9:35:fb:e3:86:6f:94
    53:e6:72:8a:63:67:2e:be:69:f6:f7:6e:8e:9c:60:04:eb:29:fa:c4
    47:42:d2:78:98:e3:ec:0b:a5:92:dc:b7:9a:bd:80:64:2b:38:7c:38
    09:5b:66:f6:2d:95:7a:86:b2:34:2e:85:9e:90:0e:5f:b7:5d:a4:51
    72:46:70:13:bf:67:f2:b6:a7:4d:14:1e:6c:b9:53:ee:23:1a:4e:8d
    48:55:43:41:b1:89:75:6a:40:28:c5:7d:dd:d2:6e:d2:02:19:2f:7b
    24:94:4b:eb:f1:1a:a9:9b:e3:23:9a:ea:fa:33:ab:0a:2c:b7:f4:60
    08:dd:9f:1c:cd:dd:2d:01:66:80:af:b3:2f:29:1d:23:b8:8a:e1:a1
    70:07:0c:34:0f:02:03:01:00:01
    Signature algorithm: sha256WithRSAEncryption
    Distribution CRL:
    http://s1.symcb.com/pca3-g5.crl
    Authority Information Access OCSP:
    http://s2.symcb.com
    Use for key: CRL signing, Certificate signing
    Fingerprint:
    e3:fc:0a:d8:4f:2f:5a:83:ed:6f:86:f5:67:f8:b1:4b:40:dc:bf:12 (sha1)
    df:51:ce:65:bc:43:f9:1b:3e:1e:cf:48:ab:23:36:25 (md5)

    Certificate identifier: CAs_Trust_7
    Certificate version: 3
    Serial number: 18dad19e267de8bb4a2158cdcc6b3b4a
    Issuer:
    Organization: "VeriSign, Organizational unit: VeriSign Trust Network, Organizational unit: "(c) 2006 VeriSign, Country: US,
    Common name: VeriSign Class 3 Public Primary Certification Authority - G5
    Subject:
    Organization: "VeriSign, Organizational unit: VeriSign Trust Network, Organizational unit: "(c) 2006 VeriSign, Country: US,
    Common name: VeriSign Class 3 Public Primary Certification Authority - G5
    Subject string:
    C=US, O="VeriSign, Inc.", OU=VeriSign Trust Network, OU="(c) 2006 VeriSign, Inc. - For authorized use only", CN=VeriSign Class 3 Public Primary Certification Authority - G5
    Validity:
    Not before: 11- 8-2006 00:00 UTC
    Not after: 07-16-2036 23:59 UTC
    Public key algorithm: rsaEncryption(2048 bits)
    30:82:01:0a:02:82:01:01:00:af:24:08:08:29:7a:35:9e:60:0c:aa
    e7:4b:3b:4e:dc:7c:bc:3c:45:1c:bb:2b:e0:fe:29:02:f9:57:08:a3
    64:85:15:27:f5:f1:ad:c8:31:89:5d:22:e8:2a:aa:a6:42:b3:8f:f8
    b9:55:b7:b1:b7:4b:b3:fe:8f:7e:07:57:ec:ef:43:db:66:62:15:61
    cf:60:0d:a4:d8:de:f8:e0:c3:62:08:3d:54:13:eb:49:ca:59:54:85
    26:e5:2b:8f:1b:9f:eb:f5:a1:91:c2:33:49:d8:43:63:6a:52:4b:d2
    8f:e8:70:51:4d:d1:89:69:7b:c7:70:f6:b3:dc:12:74:db:7b:5d:4b
    56:d3:96:bf:15:77:a1:b0:f4:a2:25:f2:af:1c:92:67:18:e5:f4:06
    04:ef:90:b9:e4:00:e4:dd:3a:b5:19:ff:02:ba:f4:3c:ee:e0:8b:eb
    37:8b:ec:f4:d7:ac:f2:f6:f0:3d:af:dd:75:91:33:19:1d:1c:40:cb
    74:24:19:21:93:d9:14:fe:ac:2a:52:c7:8f:d5:04:49:e4:8d:63:47
    88:3c:69:83:cb:fe:47:bd:2b:7e:4f:c5:95:ae:0e:9d:d4:d1:43:c0
    67:73:e3:14:08:7e:e5:3f:9f:73:b8:33:0a:cf:5d:3f:34:87:96:8a
    ee:53:e8:25:15:02:03:01:00:01
    Signature algorithm: sha1WithRSAEncryption
    Use for key: CRL signing, Certificate signing
    Fingerprint:
    4e:b6:d5:78:49:9b:1c:cf:5f:58:1e:ad:56:be:3d:9b:67:44:a5:e5 (sha1)
    cb:17:e4:31:67:3e:e2:09:fe:45:57:93:f3:0a:fa:1c (md5)

    Certificate identifier: CAs_Trust_1
    Certificate version: 3
    Serial number: 017152bcc760edc615dd8e4f57c86c0f
    Issuer:
    Organization: DigiCert Inc, Organizational unit: www.digicert.com, Country: US, Common name: DigiCert High Assurance CA-3
    Subject:
    Organization: "Facebook, Country: US, State: CA, Locality: Menlo Park, Common name: *.facebook.com
    Subject string:
    C=US, ST=CA, L=Menlo Park, O="Facebook, Inc.", CN=*.facebook.com
    Alternate subject: email empty, messenger.com, ip empty
    Validity:
    Not before: 08-28-2014 00:00 UTC
    Not after: 10-28-2015 12:00 UTC
    Public key algorithm: ecdsaEncryption(256 bits)
    04:d8:d1:dd:35:bd:e2:59:b6:fb:9b:1f:54:15:8c:db:bf:4e:58:bd
    47:be:b8:10:fc:22:e9:d2:9e:98:f8:49:2a:25:fb:94:46:e4:42:99
    84:50:1c:5f:01:fd:14:25:31:5c:4e:d9:64:fd:c5:0c:b3:46:d2:a1
    bc:70:b4:87:8e
    Signature algorithm: sha1WithRSAEncryption
    Distribution CRL:
    http://crl3.digicert.com/ca3-g29.crl
    http://crl4.digicert.com/ca3-g29.crl
    Authority Information Access OCSP:
    http://ocsp.digicert.com
    Use for key: Key agreement, Digital signature, TLS Web Server Authentication, 1.3.6.1.5.5.7.3.1, TLS Web Client Authentication, 1.3.6.1.5.5.7.3.2
    Fingerprint:
    1f:2c:54:32:74:9e:2b:72:44:69:50:dc:68:7e:b0:e4:d3:ea:de:7a (sha1)
    01:3c:39:86:2a:a5:45:09:8d:97:a7:fb:ed:ef:99:70 (md5)

    Certificate identifier: CAs_Trust_2
    Certificate version: 3
    Serial number: 4da05b6587650f75ad343ae8ce4265d5
    Issuer:
    Organization: "VeriSign, Organizational unit: VeriSign Trust Network, Organizational unit: Terms of use at https:, Country: US,
    Common name: VeriSign Class 3 Secure Server CA - G3
    Subject:
    Organization: Yahoo Inc., Country: US, State: California, Locality: Sunnyvale, Common name: ww1.yahoo.com
    Subject string:
    C=US, ST=California, L=Sunnyvale, O=Yahoo Inc., CN=ww1.yahoo.com
    Alternate subject: email empty, ymail.com, ip empty
    Validity:
    Not before: 03-16-2015 00:00 UTC
    Not after: 04-24-2015 23:59 UTC
    Public key algorithm: rsaEncryption(2048 bits)
    30:82:01:0a:02:82:01:01:00:bd:6b:1f:e1:47:2d:36:f3:5c:88:76
    c8:5e:e9:24:c9:3b:02:fb:6c:17:31:20:c2:65:a0:e5:1f:d7:0b:9c
    6a:91:7c:90:a0:19:c6:29:7c:74:c5:20:88:bf:17:68:a1:f8:c4:ad
    4a:92:ab:52:a2:13:ed:81:5b:ce:06:e2:3f:a4:19:ab:e5:0c:ad:c9
    fd:b1:6d:ea:52:42:ed:b4:99:ad:da:b9:3e:a7:21:4a:df:fb:f2:1c
    84:b4:a1:b4:ba:15:88:10:08:c0:8e:af:e8:9e:70:53:4e:b3:85:5b
    c1:6d:fb:a8:7f:78:ee:95:6e:58:a8:4a:a5:52:de:e7:a3:04:c6:c8
    58:a6:9a:ce:8e:23:2e:86:63:a3:0f:ce:95:6d:2c:65:10:50:ee:b2
    ce:ac:f5:ca:72:f4:5c:ee:87:25:7a:33:3c:be:b2:e5:17:32:31:dd
    d2:92:7d:e2:24:6f:cd:50:ee:eb:d7:cc:64:67:5d:a4:b2:7b:d6:22
    34:65:5b:4d:e1:d3:50:b1:28:62:39:60:42:ad:12:ba:9d:03:6a:ed
    9b:5d:b7:92:a2:cb:e3:50:f9:78:20:a3:44:e2:e1:67:7d:ad:a9:13
    a7:a6:a1:e1:4e:51:fa:1d:c6:06:55:25:95:b8:d8:25:e7:20:04:5a
    93:3e:c8:89:43:02:03:01:00:01
    Signature algorithm: sha1WithRSAEncryption
    Distribution CRL:
    http://sd.symcb.com/sd.crl
    Authority Information Access OCSP:
    http://sd.symcd.com
    Use for key: Key encipherment, Digital signature, TLS Web Server Authentication, 1.3.6.1.5.5.7.3.1, TLS Web Client Authentication, 1.3.6.1.5.5.7.3.2
    Fingerprint:
    ba:32:f6:ed:ec:4a:20:69:d7:fd:93:d6:f2:38:0c:a9:4e:38:ce:f5 (sha1)
    cd:2e:b3:f6:be:7c:b0:62:35:cd:91:a8:51:41:7d:af (md5)

    Certificate identifier: CAs_Trust_10
    Certificate version: 3
    Serial number: 00023456
    Issuer:
    Organization: GeoTrust Inc., Country: US, Common name: GeoTrust Global CA
    Subject:
    Organization: GeoTrust Inc., Country: US, Common name: GeoTrust Global CA
    Subject string:
    C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
    Validity:
    Not before: 05-21-2002 04:00 UTC
    Not after: 05-21-2022 04:00 UTC
    Public key algorithm: rsaEncryption(2048 bits)
    30:82:01:0a:02:82:01:01:00:da:cc:18:63:30:fd:f4:17:23:1a:56
    7e:5b:df:3c:6c:38:e4:71:b7:78:91:d4:bc:a1:d8:4c:f8:a8:43:b6
    03:e9:4d:21:07:08:88:da:58:2f:66:39:29:bd:05:78:8b:9d:38:e8
    05:b7:6a:7e:71:a4:e6:c4:60:a6:b0:ef:80:e4:89:28:0f:9e:25:d6
    ed:83:f3:ad:a6:91:c7:98:c9:42:18:35:14:9d:ad:98:46:92:2e:4f
    ca:f1:87:43:c1:16:95:57:2d:50:ef:89:2d:80:7a:57:ad:f2:ee:5f
    6b:d2:00:8d:b9:14:f8:14:15:35:d9:c0:46:a3:7b:72:c8:91:bf:c9
    55:2b:cd:d0:97:3e:9c:26:64:cc:df:ce:83:19:71:ca:4e:e6:d4:d5
    7b:a9:19:cd:55:de:c8:ec:d2:5e:38:53:e5:5c:4f:8c:2d:fe:50:23
    36:fc:66:e6:cb:8e:a4:39:19:00:b7:95:02:39:91:0b:0e:fe:38:2e
    d1:1d:05:9a:f6:4d:3e:6f:0f:07:1d:af:2c:1e:8f:60:39:e2:fa:36
    53:13:39:d4:5e:26:2b:db:3d:a8:14:bd:32:eb:18:03:28:52:04:71
    e5:ab:33:3d:e1:38:bb:07:36:84:62:9c:79:ea:16:30:f4:5f:c0:2b
    e8:71:6b:e4:f9:02:03:01:00:01
    Signature algorithm: sha1WithRSAEncryption
    Fingerprint:
    de:28:f4:a4:ff:e5:b9:2f:a3:c5:03:d1:a3:49:a7:f9:96:2a:82:12 (sha1)
    f7:75:ab:29:fb:51:4e:b7:77:5e:ff:05:3c:99:8e:f5 (md5)

    Certificate identifier: CAs_Trust_9
    Certificate version: 3
    Serial number: 00023a76
    Issuer:
    Organization: GeoTrust Inc., Country: US, Common name: GeoTrust Global CA
    Subject:
    Organization: Google Inc, Country: US, Common name: Google Internet Authority G2
    Subject string:
    C=US, O=Google Inc, CN=Google Internet Authority G2
    Validity:
    Not before: 04- 5-2013 15:15 UTC
    Not after: 12-31-2016 23:59 UTC
    Public key algorithm: rsaEncryption(2048 bits)
    30:82:01:0a:02:82:01:01:00:9c:2a:04:77:5c:d8:50:91:3a:06:a3
    82:e0:d8:50:48:bc:89:3f:f1:19:70:1a:88:46:7e:e0:8f:c5:f1:89
    ce:21:ee:5a:fe:61:0d:b7:32:44:89:a0:74:0b:53:4f:55:a4:ce:82
    62:95:ee:eb:59:5f:c6:e1:05:80:12:c4:5e:94:3f:bc:5b:48:38:f4
    53:f7:24:e6:fb:91:e9:15:c4:cf:f4:53:0d:f4:4a:fc:9f:54:de:7d
    be:a0:6b:6f:87:c0:d0:50:1f:28:30:03:40:da:08:73:51:6c:7f:ff
    3a:3c:a7:37:06:8e:bd:4b:11:04:eb:7d:24:de:e6:f9:fc:31:71:fb
    94:d5:60:f3:2e:4a:af:42:d2:cb:ea:c4:6a:1a:b2:cc:53:dd:15:4b
    8b:1f:c8:19:61:1f:cd:9d:a8:3e:63:2b:84:35:69:65:84:c8:19:c5
    46:22:f8:53:95:be:e3:80:4a:10:c6:2a:ec:ba:97:20:11:c7:39:99
    10:04:a0:f0:61:7a:95:25:8c:4e:52:75:e2:b6:ed:08:ca:14:fc:ce
    22:6a:b3:4e:cf:46:03:97:97:03:7e:c0:b1:de:7b:af:45:33:cf:ba
    3e:71:b7:de:f4:25:25:c2:0d:35:89:9d:9d:fb:0e:11:79:89:1e:37
    c5:af:8e:72:69:02:03:01:00:01
    Signature algorithm: sha1WithRSAEncryption
    Distribution CRL:
    http://g.symcb.com/crls/gtglobal.crl
    Authority Information Access OCSP:
    http://g.symcd.com
    Use for key: CRL signing, Certificate signing
    Fingerprint:
    bb:dc:e1:3e:9d:53:7a:52:29:91:5c:b1:23:c7:aa:b0:a8:55:e7:98 (sha1)
    46:f1:bf:2f:24:dd:3a:a9:cf:d7:60:a3:ba:de:5e:c7 (md5)

    Certificate identifier: CAs_Trust_11
    Certificate version: 3
    Serial number: 6ecc7aa5a7032009b8cebcf4e952d491
    Issuer:
    Organization: "VeriSign, Organizational unit: VeriSign Trust Network, Organizational unit: "(c) 2006 VeriSign, Country: US,
    Common name: VeriSign Class 3 Public Primary Certification Authority - G5
    Subject:
    Organization: "VeriSign, Organizational unit: VeriSign Trust Network, Organizational unit: Terms of use at https:, Country: US,
    Common name: VeriSign Class 3 Secure Server CA - G3
    Subject string:
    C=US, O="VeriSign, Inc.", OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Secure Server CA - G3
    Validity:
    Not before: 02- 8-2010 00:00 UTC
    Not after: 02- 7-2020 23:59 UTC
    Public key algorithm: rsaEncryption(2048 bits)
    30:82:01:0a:02:82:01:01:00:b1:87:84:1f:c2:0c:45:f5:bc:ab:25
    97:a7:ad:a2:3e:9c:ba:f6:c1:39:b8:8b:ca:c2:ac:56:c6:e5:bb:65
    8e:44:4f:4d:ce:6f:ed:09:4a:d4:af:4e:10:9c:68:8b:2e:95:7b:89
    9b:13:ca:e2:34:34:c1:f3:5b:f3:49:7b:62:83:48:81:74:d1:88:78
    6c:02:53:f9:bc:7f:43:26:57:58:33:83:3b:33:0a:17:b0:d0:4e:91
    24:ad:86:7d:64:12:dc:74:4a:34:a1:1d:0a:ea:96:1d:0b:15:fc:a3
    4b:3b:ce:63:88:d0:f8:2d:0c:94:86:10:ca:b6:9a:3d:ca:eb:37:9c
    00:48:35:86:29:50:78:e8:45:63:cd:19:41:4f:f5:95:ec:7b:98:d4
    c4:71:b3:50:be:28:b3:8f:a0:b9:53:9c:f5:ca:2c:23:a9:fd:14:06
    e8:18:b4:9a:e8:3c:6e:81:fd:e4:cd:35:36:b3:51:d3:69:ec:12:ba
    56:6e:6f:9b:57:c5:8b:14:e7:0e:c7:9c:ed:4a:54:6a:c9:4d:c5:bf
    11:b1:ae:1c:67:81:cb:44:55:33:99:7f:24:9b:3f:53:45:7f:86:1a
    f3:3c:fa:6d:7f:81:f5:b8:4a:d3:f5:85:37:1c:b5:a6:d0:09:e4:18
    7b:38:4e:fa:0f:02:03:01:00:01
    Signature algorithm: sha1WithRSAEncryption
    Distribution CRL:
    http://crl.verisign.com/pca3-g5.crl
    Authority Information Access OCSP:
    http://ocsp.verisign.com
    Use for key: CRL signing, Certificate signing
    Fingerprint:
    5d:eb:8f:33:9e:26:4c:19:f6:68:6f:5f:8f:32:b5:4a:4c:46:b4:76 (sha1)
    3c:48:42:0d:ff:58:1a:38:86:bc:fd:41:d4:8a:41:de (md5)

    Certificate identifier: CAs_Trust_12
    Certificate version: 3
    Serial number: 2c48dd930df5598ef93c99547a60ed43
    Issuer:
    Organization: "VeriSign, Organizational unit: VeriSign Trust Network, Organizational unit: "(c) 2006 VeriSign, Country: US,
    Common name: VeriSign Class 3 Public Primary Certification Authority - G5
    Subject:
    Organization: "VeriSign, Organizational unit: VeriSign Trust Network, Organizational unit: Terms of use at https:, Country: US,
    Common name: VeriSign Class 3 Extended Validation SSL SGC CA
    Subject string:
    C=US, O="VeriSign, Inc.", OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)06, CN=VeriSign Class 3 Extended Validation SSL SGC CA
    Validity:
    Not before: 11- 8-2006 00:00 UTC
    Not after: 11- 7-2016 23:59 UTC
    Public key algorithm: rsaEncryption(2048 bits)
    30:82:01:0a:02:82:01:01:00:bd:56:88:ba:88:34:64:64:cf:cd:ca
    b0:ee:e7:19:73:c5:72:d9:bb:45:bc:b5:a8:ff:83:be:1c:03:db:ed
    89:b7:2e:10:1a:25:bc:55:ca:41:a1:9f:0b:cf:19:5e:70:b9:5e:39
    4b:9e:31:1c:5f:87:ae:2a:aa:a8:2b:a2:1b:3b:10:23:5f:13:b1:dd
    08:8c:4e:14:da:83:81:e3:b5:8c:e3:68:ed:24:67:ce:56:b6:ac:9b
    73:96:44:db:8a:8c:b3:d6:f0:71:93:8e:db:71:54:4a:eb:73:59:6a
    8f:70:51:2c:03:9f:97:d1:cc:11:7a:bc:62:0d:95:2a:c9:1c:75:57
    e9:f5:c7:ea:ba:84:35:cb:c7:85:5a:7e:e4:4d:e1:11:97:7d:0e:20
    34:45:db:f1:a2:09:eb:eb:3d:9e:b8:96:43:5e:34:4b:08:25:1e:43
    1a:a2:d9:b7:8a:01:34:3d:c3:f8:e5:af:4f:8c:ff:cd:65:f0:23:4e
    c5:97:b3:5c:da:90:1c:82:85:0d:06:0d:c1:22:b6:7b:28:a4:03:c3
    4c:53:d1:58:bc:72:bc:08:39:fc:a0:76:a8:a8:e9:4b:6e:88:3d:e3
    b3:31:25:8c:73:29:48:0e:32:79:06:ed:3d:43:f4:f6:e4:e9:fc:7d
    be:8e:08:d5:1f:02:03:01:00:01
    Signature algorithm: sha1WithRSAEncryption
    Distribution CRL:
    http://EVSecure-crl.verisign.com/pca3-g5.crl
    Authority Information Access OCSP:
    http://EVSecure-ocsp.verisign.com
    Use for key: CRL signing, Certificate signing, Netscape Server Gated Crypto, 2.16.840.1.113730.4.1, 2.16.840.1.113733.1.8.1, 2.16.840.1.113733.1.8.1,
    TLS Web Server Authentication, 1.3.6.1.5.5.7.3.1, TLS Web Client Authentication, 1.3.6.1.5.5.7.3.2
    Fingerprint:
    b1:80:39:89:98:31:f1:52:61:46:67:cf:23:ff:ce:a2:b0:e7:3d:ab (sha1)
    ca:d5:a7:99:dd:90:93:60:b8:7c:31:9b:de:d5:f3:2f (md5)

    security pki local-certificate detail


    Certificate identifier: SELF-SIGNED
    Certificate version: 3
    Serial number: b77f2f6ffa71a11818c25fae7a354f15
    Issuer:
    Domain component: areandina, Domain component: local
    Subject:
    Domain component: areandina, Domain component: local
    Subject string:
    DC=areandina, DC=local
    Alternate subject: "admin@fuaa.edu.co", fuaa.edu.co, 192.168.11.2
    Validity:
    Not before: 03-30-2015 00:49 UTC
    Not after: 03-28-2020 00:49 UTC
    Public key algorithm: rsaEncryption(2048 bits)
    30:82:01:0a:02:82:01:01:00:cb:30:cd:68:ae:50:d9:8b:af:91:7a
    1c:15:a9:f7:aa:80:7a:a0:71:50:59:44:2c:ab:c7:34:49:4f:91:0b
    93:55:72:99:5b:d7:3a:12:da:91:a2:d2:29:d2:ab:d5:2b:b8:f7:bd
    8c:ce:fa:eb:53:db:72:0b:ef:11:c3:24:48:a1:99:4f:79:75:fd:59
    7c:b2:9e:d4:56:6f:f8:51:da:cd:19:a4:a1:a6:98:55:a4:7e:28:09
    f0:4b:e8:7d:46:93:db:96:2f:76:ae:0b:17:bf:4a:53:08:b9:21:57
    99:a6:86:ab:c9:93:ea:e0:bf:9a:dd:b2:e6:b8:45:98:b6:c2:7b:54
    8d:1e:d0:92:21:ca:ff:bb:92:ab:87:f2:12:73:f6:48:aa:b1:e7:91
    49:ef:18:18:78:53:35:52:6d:87:80:7e:fa:67:6f:06:25:6e:fd:04
    db:da:16:9d:17:5f:63:c8:a5:cc:e3:08:20:72:f2:30:01:73:4a:4a
    22:50:7c:df:79:61:30:a6:d0:2d:83:62:45:91:57:21:72:cd:68:53
    ac:63:18:1c:02:3e:f7:45:54:1a:f4:6b:40:0c:89:6a:ef:84:80:7d
    91:04:e3:bb:ef:ce:b3:b2:93:12:c5:fe:c7:4f:1c:73:4f:c0:00:22
    2b:86:df:fc:cf:02:03:01:00:01
    Signature algorithm: sha1WithRSAEncryption
    Use for key: CRL signing, Certificate signing
    Fingerprint:
    77:43:25:2b:f2:bd:17:83:c7:7b:ac:09:cd:9c:4c:1d:58:3c:ef:6b (sha1)
    4c:d3:77:12:3f:44:0d:d0:89:7a:36:ee:df:41:c8:02 (md5)
    Auto-re-enrollment:
    Status: Disabled
    Next trigger time: Timer not started

    Certificate identifier: ssl-inspect-ca
    Certificate version: 3
    Serial number: ffb749fe9a450811
    Issuer:
    Organization: areandina, Organizational unit: security, Country: CO, State: BOG, Locality: BOG, Common name: areandina.edu.co
    Subject:
    Organization: areandina, Organizational unit: security, Country: CO, State: BOG, Locality: BOG, Common name: areandina.edu.co
    Subject string:
    C=CO, ST=BOG, L=BOG, O=areandina, OU=security, CN=areandina.edu.co, emailAddress=admin@areandina.edu.co
    Validity:
    Not before: 04- 6-2015 02:20 UTC
    Not after: 04- 5-2018 02:20 UTC
    Public key algorithm: rsaEncryption(2048 bits)
    30:82:01:0a:02:82:01:01:00:ba:6e:15:6f:70:e2:38:eb:39:ea:9c
    37:df:b8:8a:68:76:19:48:90:bb:f6:c3:1b:f5:f7:d9:af:1e:04:a1
    ba:9a:f9:61:52:f9:fa:47:9f:4f:9e:ef:c2:d9:5c:02:de:b7:42:36
    1a:99:b1:20:66:2e:e7:7f:5a:32:3b:ad:5e:26:0a:1a:09:53:36:ed
    ca:92:2e:a5:85:47:ef:a6:a6:b8:f2:fa:f9:b1:74:e4:d8:0f:68:31
    b1:68:a5:dc:2e:2f:00:d2:5f:34:ed:08:50:02:cc:d8:1f:c4:d9:e2
    ff:65:83:27:ef:3a:1e:50:77:a0:cf:bf:08:cb:5a:f2:4e:25:92:c0
    f6:ea:db:96:07:55:79:5b:11:42:eb:b6:c6:24:d2:43:0c:1b:15:48
    5e:ae:7b:8b:f5:7f:87:37:11:a0:7a:71:5e:9b:16:7c:8b:66:51:81
    94:6b:f8:dd:02:de:f1:2b:33:a7:ef:75:27:2c:bd:b7:3e:fd:a8:c1
    33:c3:1b:a4:47:9b:d8:e2:5b:e7:96:b4:11:04:d2:e0:ab:95:db:f8
    68:c4:6c:ae:e3:fa:cd:ac:7b:10:36:45:73:d4:3f:80:05:ea:34:66
    56:04:9b:a1:3c:91:ad:d2:12:4c:6d:bc:00:32:98:4d:e3:9e:62:fb
    80:3c:ca:4f:6b:02:03:01:00:01
    Signature algorithm: sha1WithRSAEncryption
    Fingerprint:
    ff:c1:e6:40:7f:cd:44:0c:e0:89:46:86:3a:b0:2c:dc:dc:52:79:39 (sha1)
    ac:9b:0a:f9:d9:a2:44:72:47:ca:27:06:c5:16:00:d8 (md5)
    Auto-re-enrollment:
    Status: Disabled
    Next trigger time: Timer not started

    show configuration security pki | display set

    set security pki ca-profile CAs_Trust_1 ca-identity CAs_Trust_1
    set security pki ca-profile CAs_Trust_2 ca-identity CAs_Trust_2
    set security pki ca-profile CAs_Trust_3 ca-identity CAs_Trust_3
    set security pki ca-profile CAs_Trust_4 ca-identity CAs_Trust_4
    set security pki ca-profile CAs_Trust_5 ca-identity CAs_Trust_5
    set security pki ca-profile CAs_Trust_6 ca-identity CAs_Trust_6
    set security pki ca-profile CAs_Trust_7 ca-identity CAs_Trust_7
    set security pki ca-profile CAs_Trust_8 ca-identity CAs_Trust_8
    set security pki ca-profile CAs_Trust_9 ca-identity CAs_Trust_9
    set security pki ca-profile CAs_Trust_10 ca-identity CAs_Trust_10
    set security pki ca-profile CAs_Trust_11 ca-identity CAs_Trust_11
    set security pki ca-profile CAs_Trust_12 ca-identity CAs_Trust_12
    set security pki ca-profile-group CAs_Trust cert-base-count 12

    Thanks

     

     

     



  • 4.  RE: SRX 1400 commit error

    Posted 06-14-2018 15:26

    And this is where you have a problem (certificate expired):

     

    Certificate identifier: ssl-inspect-ca
    Certificate version: 3
    Serial number: ffb749fe9a450811
    Issuer:
    Organization: areandina, Organizational unit: security, Country: CO, State: BOG, Locality: BOG, Common name: areandina.edu.co
    Subject:
    Organization: areandina, Organizational unit: security, Country: CO, State: BOG, Locality: BOG, Common name: areandina.edu.co
    Subject string:
    C=CO, ST=BOG, L=BOG, O=areandina, OU=security, CN=areandina.edu.co, emailAddress=admin@areandina.edu.co
    Validity:
    Not before: 04- 6-2015 02:20 UTC
    Not after: 04- 5-2018 02:20 UTC
    Public key algorithm: rsaEncryption(2048 bits)

     

    Regards

    Leon Smirnov

    Please Mark My Solution Accepted if it Helped, Kudos are Appreciated too

     



  • 5.  RE: SRX 1400 commit error

    Posted 06-15-2018 07:31

    Thanks for your help,  however I'm noy sure how to proceed after this, is there a way to bypass the issue ? what do I need to do?


    @Brandmajor wrote:

    And this is where you have a problem (certificate expired):

     

    Certificate identifier: ssl-inspect-ca
    Certificate version: 3
    Serial number: ffb749fe9a450811
    Issuer:
    Organization: areandina, Organizational unit: security, Country: CO, State: BOG, Locality: BOG, Common name: areandina.edu.co
    Subject:
    Organization: areandina, Organizational unit: security, Country: CO, State: BOG, Locality: BOG, Common name: areandina.edu.co
    Subject string:
    C=CO, ST=BOG, L=BOG, O=areandina, OU=security, CN=areandina.edu.co, emailAddress=admin@areandina.edu.co
    Validity:
    Not before: 04- 6-2015 02:20 UTC
    Not after: 04- 5-2018 02:20 UTC
    Public key algorithm: rsaEncryption(2048 bits)

     

    Regards

    Leon Smirnov

    Please Mark My Solution Accepted if it Helped, Kudos are Appreciated too

     


     



  • 6.  RE: SRX 1400 commit error
    Best Answer

    Posted 06-15-2018 09:14

    Well, now that the problem is clear you can fix it.

     

    To fix it you have two options:

    1. remove the ssl_inspect_ca certificate currently loaded and replace it with a valid certificate.

    CLI command examples:

    > clear security pki ca-certificate ca-profile <profile-name>

    follow the KB : https://kb.juniper.net/InfoCenter/index?page=content&id=KB31122

    This should guide you on how to generate the key pair, certificate etc.

     

    2.  If you do not want to load the certificate for now and just get rd of the error. You can simply delete the certificate and its, relevant config.

    CLI commands:

    > clear security pki ca-certificate ca-profile <profile-name>

    > configure

    # delete services ssl proxy profile <profile-name>

    # commit and-quit

     

    Hope this helps!

     

    Regards,

    Kinshuk



  • 7.  RE: SRX 1400 commit error

    Posted 06-15-2018 10:14
    Thanks a lot! I was able to remove the certificate and proxy and now I can make changes