VPN certificate expired on one VS on a VSX cluster

Martijn — Wed, 13 Dec 2023 16:17:07 GMT

Hi,

For a VS on a VSX Cluster we are getting the following error in SmartConsole:

Error: The VPN Certificate "CN=vsid VPN Certificate,O=mgmt.-server.qqcbfh" expired on Wed XXX 4 16:15:14 2023. To renew it, follow sk178304

The VSX cluster has several VS's and we are only seeing this on one VS. Other VS's are OK. And we are only seeing this on one cluster member for the affected VS.

VPN is not enabled on this VS, but we followed sk178304 to renew the certificate for the VS and the certificate shows a new date.
Published the changes, VS changes got pushed to the VS and we installed the policy. But for one VS on one member, this error remains.

We can push policy to the affected VS without any problems or warnings. And 'vsx stat -v' shows a trust for this VS.
This VS is active within the cluster and is handling traffic. Logs are shown in SmartLog.

Version Management: R81.20 take 41
Version VSX Cluster: R81.20 Take 26
SmartConsole: R81.20 B649

Looks like something cosmetic, but would like to have a correct status in SmartConsole.
Any idea's, tips or suggetions?

Regards,
Martijn

Re: VPN certificate expired on one VS on a VSX cluster

the_rock — Thu, 14 Dec 2023 00:55:30 GMT

Thats bit odd, not sure if it is cosmetic if you say cert shows valid now. Maybe cpstop; cpstart or reboot the mgmt?

Andy

topic Re: VPN certificate expired on one VS on a VSX cluster in Firewall and Security Management

VPN certificate expired on one VS on a VSX cluster

Re: VPN certificate expired on one VS on a VSX cluster