Certificate is already used in HTTP based policy, 2 years later...

Hi,

While installing a new certificate, I get the error: "Certificate cannot be deleted. Certificate is already used in HTTP based policy."

Anyone know how to find where a certificate is being used in an XG-135 v17,5? Two years ago I ran into this same issue and exported the full config and searched and found the rule. Using the same procedure as I did back then returns no results. I created a question here then and now all the reference images are gone. Three hours spent reviewing every rule and none found, and this is frustrating.

Does v18 report the location when this happens as it did back on v9 (non XG)?

Any suggestions on how to find the rule or location that is generating this error?

Thanks,

Stanley Barnett



This thread was automatically locked due to age.
  • Hello there,

    Thank you for contacting the Sophos Community.

    The CSC log in debug mode should give you some clue as to where the certificate might be being used.

    To put csc in debug mode run from the advanced Shell (5>3)

    #csc custom debug

    Then try deleting the certificate from the GUI.

    Stop debugging

    #csc custom debug

    And then grep for the following "delete_certificate"

    # less /log/csc.log | grep "delete_certificate"

    Regards,


     
    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
  • Thanks Emmanuel, we were able to use your suggestion and finally locate the issue. A two minute deal took 3-4 hours and only with the help of an engineer. Anyway, I appreciate your help...

    Does version 18.x provide a better description on any issue that generates a red dialog, "cannot do it" such as this?

    Also, is there better behavior when adding a NAT rule to a firewall rule? I find it's very difficult to change the NAT part later, as the only way I've been able to get them to work is via the wizard. Once created, I have never been able to predictably get it to work by editing the rule. I have to delete it and run the wizard again. Just wondering if a lot has changed concerning this?

    Thanks for the tip above,

    Stanley

  • Hello Stanlyn,

    Glad to hear I was able to assist.

    There are some improvements coming on 19.5 GUI related, I think one of them is this.

    For your second issue, if you’re able to replicate the issue, please get a case open, I haven't had this issue on 18.5, but if you have it, it should be investigated, creating the DNAT rule using the Wizard should be the same as creating one from scratch, (well except the Wizard creates 3 rules instead of 1).

    Regards,


     
    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support