Certificate defaultCert cannot be validated; Reason: Could not retrieve CRL

Mastering Compliance
Unveiling the power of Compliance Blade

WATCH NOW

SASE Masters:
Deploying Harmony SASE for a 6,000-Strong Workforce
in a Single Weekend

May the 4th (+4)
Navigating Paradigm Shifts in Cyber

CPX 2024 Content
is Here!

Get What You Need

Harmony SaaS
The most advanced prevention
for SaaS-based threats

LEARN MORE

CheckMates Go:
CPX 2024 Recap

LISTEN NOW

Create a Post

Hi-

We are seeing this alert every two hours on an open server HA cluster (77.30). Out mgmt server is 80.10 (VM) and other clusters in the environment are all 80.10, also open servers. I've confirmed the cluster throwing the alert can reach the mgmt server. We use this cluster, in part, to collect logs from two Windows Identity Collector servers and this seems to have started at the same time those were stood up. Based on the alert log detail we enabled the VPN blade (it was not enabled previously), renewed the certificate, and disabled the VPN blade (pushing policy along the way). This cluster has never been used as part of VPN proper. Curious to know if folks have thoughts on a potential cause or what I may be able to collect to further investigate? Thank you.

emailed error message
HeaderDateHour: 13Jan2019 15:31:14; ContentVersion: 1; HighLevelLogKey: N/A; Uuid: {0x0,0x0,0x0,0x0}; SequenceNum: N/A; Action: keyinst; Origin: Firewall6; IfDir: >; InterfaceName: daemon; Alert: useralert; OriginSicName: N/A; OriginSicName: ; HighLevelLogKey: 18446744073709551615; scheme:: NA; Validation log:: Certificate defaultCert cannot be validated.; Reason:: Could not retrieve CRL.; Serial num:: ; DN:: CN=EProdCluster VPN Certificate,O=mgmt101.domainname.com.hppeee ; Instruction:: If this log persists, contact the CA administrator.; fw_subproduct: VPN-1; vpn_feature_name: IKE; ProductName: VPN-1 & FireWall-1; ProductFamily: Network; HeaderDateHour: 13Jan2019 15:31:17; ContentVersion: 1; HighLevelLogKey: N/A; Uuid: {0x0,0x0,0x0,0x0}; SequenceNum: N/A; Action: keyinst; Origin: Firewall7; IfDir: >; InterfaceName: daemon; Alert: useralert; OriginSicName: N/A; OriginSicName: ; HighLevelLogKey: 18446744073709551615; scheme:: NA; Validation log:: Certificate defaultCert cannot be validated.; Reason:: Could not retrieve CRL.; Serial num:: ; DN:: CN=EProdCluster VPN Certificate,O=mgmt101.domainname.com.hppeee ; Instruction:: If this log persists, contact the CA administrator.; fw_subproduct: VPN-1; vpn_feature_name: IKE; ProductName: VPN-1 & FireWall-1; ProductFamily: Network;

emailed error message

HeaderDateHour: 13Jan2019 15:31:14; ContentVersion: 1; HighLevelLogKey: N/A; Uuid: {0x0,0x0,0x0,0x0}; SequenceNum: N/A; Action: keyinst; Origin: Firewall6; IfDir: >; InterfaceName: daemon; Alert: useralert; OriginSicName: N/A; OriginSicName: ; HighLevelLogKey: 18446744073709551615; scheme:: NA; Validation log:: Certificate defaultCert cannot be validated.; Reason:: Could not retrieve CRL.; Serial num:: ; DN:: CN=EProdCluster VPN Certificate,O=mgmt101.domainname.com.hppeee ; Instruction:: If this log persists, contact the CA administrator.; fw_subproduct: VPN-1; vpn_feature_name: IKE; ProductName: VPN-1 & FireWall-1; ProductFamily: Network;

HeaderDateHour: 13Jan2019 15:31:17; ContentVersion: 1; HighLevelLogKey: N/A; Uuid: {0x0,0x0,0x0,0x0}; SequenceNum: N/A; Action: keyinst; Origin: Firewall7; IfDir: >; InterfaceName: daemon; Alert: useralert; OriginSicName: N/A; OriginSicName: ; HighLevelLogKey: 18446744073709551615; scheme:: NA; Validation log:: Certificate defaultCert cannot be validated.; Reason:: Could not retrieve CRL.; Serial num:: ; DN:: CN=EProdCluster VPN Certificate,O=mgmt101.domainname.com.hppeee ; Instruction:: If this log persists, contact the CA administrator.; fw_subproduct: VPN-1; vpn_feature_name: IKE; ProductName: VPN-1 & FireWall-1; ProductFamily: Network;