Certificate signing failed: Device not found

Hi,

Since you've already followed all the steps on the KB and still the issue remain, kindly reach out to Sophos Support https://soph.so/SophosSupport and create a case#

Also, Kindly indicate the following information needed.

community.sophos.com/.../sophos-firewall-license-sync-failed

1. Are you facing this issue after an RMA/replacement of the device?
2. Share the error message which you receive while syncing the license from the web GUI?
3. As mentioned in step-1, share the snap/picture of the subscription from your licensing portal.
4. As mentioned in step-2, share the outputs of nslookup, tcpdump, logs(licensing.log), and openssl commands.
5. How many ISPs do you have?
6. If you have multiple ISPs - Have you tried with SYSNAT or SD WAN route? Please share the snapshot of the configuration.
7. Share the output of the page certificate > Certificate authority.
8. Enable support tunnel and share the access ID as per KBA - https://support.sophos.com/support/s/article/KB-000035546?language=en_US.

Hi,

double checked the link again:

opcode getpublickey -ds nosync
200 OK

The directory containing certifiacte is empty.

SFVH_SO01_SFOS 19.0.1 MR-1-Build365# ls -larth /content/licensing/
drwxr-xr-x   26 root     0           1.0K Dec 30 10:24 ..
drwxr-xr-x    2 root     0           1.0K Dec 30 12:38 .

1) actually not, I am using a virtual appliance

2)

3.

4.

SFVH_SO01_SFOS 19.0.1 MR-1-Build365# tail -f /log/licensing.log
INFO      Dec 30 11:38:48Z [4147910400]: --requestType = 8
INFO      Dec 30 11:38:48Z [4147910400]: --serial = ################
INFO      Dec 30 11:38:48Z [4147910400]: --fwversion = 19.0.1.365
INFO      Dec 30 11:38:48Z [4147910400]: --cert = /content/licensing/lic_csr.pem
INFO      Dec 30 11:38:48Z [4147910400]: --key = /content/licensing/lic_csr.key
INFO      Dec 30 11:38:48Z [4147910400]: --token = Token-Id:################
INFO      Dec 30 11:38:48Z [4147910400]: URL : eu-prod-utm.soa.sophos.com/.../appliance
INFO      Dec 30 11:38:48Z [4147910400]: licensing_do_applianceupdate : request : { "serialNumber": "################", "applianceAttributes": [ { "name": "firmwareVersion", "value": "19.0.1.365" } ] }
ERROR     Dec 30 11:38:48Z [4147910400]: curl_easy_perform(58) failed: Problem with the local SSL certificate
ERROR     Dec 30 11:38:48Z [4147910400]: licensing_do_applianceupdate() : Problem in contacting Server

Nslookup working fine:

telnet as well

SFVH_SO01_SFOS 19.0.1 MR-1-Build365# telnet eu-prod-utm.soa.sophos.com 443
Trying 54.171.170.20...
Connected to eu-prod-utm.soa.sophos.com.

Openssl connection working as well:

5. not using different ISPs

6. Using only one

7.

8. activated Support ID:

9. cannot open support case - due its a Home License

System Diagnostics here:

Worked after reinstall with new license.

Hi,

Glad to hear that.

I am experiencing this same issue.  Is there another solution besides reinstalling and generating a new license?

Hey Dan Norman , can you share the licesning.log from your appliance ?

SFVH_SO01_SFOS 19.0.2 MR-2-Build472# tail -f licensing.log
INFO Mar 04 16:11:17Z [4147730176]: --requestType = 8
INFO Mar 04 16:11:17Z [4147730176]: --serial = C01001FBWY4FKFA
INFO Mar 04 16:11:17Z [4147730176]: --fwversion = 19.0.2.472
INFO Mar 04 16:11:17Z [4147730176]: --cert = /content/licensing/lic_csr.pem
INFO Mar 04 16:11:17Z [4147730176]: --key = /content/licensing/lic_csr.key
INFO Mar 04 16:11:17Z [4147730176]: --token = Token-Id:C01001FBWY4FKFA
INFO Mar 04 16:11:17Z [4147730176]: URL : eu-prod-utm.soa.sophos.com/.../appliance
INFO Mar 04 16:11:17Z [4147730176]: licensing_do_applianceupdate : request : { "serialNumber": "C01001FBWY4FKFA", "applianceAttrib
ERROR Mar 04 16:11:17Z [4147730176]: curl_easy_perform(58) failed: Problem with the local SSL certificate
ERROR Mar 04 16:11:17Z [4147730176]: licensing_do_applianceupdate() : Problem in contacting Server
INFO Mar 04 16:49:27Z [4147611392]: --requestType = 2
INFO Mar 04 16:49:27Z [4147611392]: --lastCheckCode = cd18d0ef-21f1-469a-90b1-9ba2ea6d4e73
INFO Mar 04 16:49:27Z [4147611392]: --cert = /content/licensing/lic_csr.pem
INFO Mar 04 16:49:27Z [4147611392]: --token = Token-Id:C01001FBWY4FKFA
INFO Mar 04 16:49:27Z [4147611392]: --key = /content/licensing/lic_csr.key
INFO Mar 04 16:49:27Z [4147611392]: URL : eu-prod-utm.soa.sophos.com/.../license
INFO Mar 04 16:49:34Z [4147611392]: response : {"errorCode":"ITSERVICELAYER_CLIENT_AUTHENTICATION_ERROR","message":"Authentication
ERROR Mar 04 16:49:34Z [4147611392]: license_check failed : Authentication failed
ERROR Mar 04 16:49:34Z [4147611392]: licensing_do_licensecheck() :parsing response failed...
####################################################
generate certificate signing request (CSR) Sat Mar 4 11:49:35 EST 2023

Sat Mar 4 11:49:37 EST 2023 certificate signing request generated with status :: 0

####################################################
INFO Mar 04 16:49:37Z [4148328192]: --requestType = 4
INFO Mar 04 16:49:37Z [4148328192]: --serial = C01001FBWY4FKFA
INFO Mar 04 16:49:37Z [4148328192]: --deviceid = aeb06477-0eb8-46e6-86bd-4fdabf2669ab
INFO Mar 04 16:49:37Z [4148328192]: --cert = /_conf/certificate/licensing/mfgr_vendor_SO.pem
INFO Mar 04 16:49:37Z [4148328192]: --key = /_conf/certificate/licensing/mfgr_vendor_SO.key
INFO Mar 04 16:49:37Z [4148328192]: URL : eu-prod-csr.soa.sophos.com/.../signing
INFO Mar 04 16:49:37Z [4148328192]: certificate_signing_request() : request : { "serialNumber":"C01001FBWY4FKFA", "deviceId":"aeb0
MIIDIjCCAgoCAQAwgZcxCzAJBgNVBAYTAkdCMRQwEgYDVQQIDAtPeGZvcmRzaGly
ZTERMA8GA1UEBwwIQWJpbmdkb24xFDASBgNVBAoMC1NvcGhvcyBMdGQuMQwwCgYD
VQQLDANOU0cxGzAZBgNVBAMMElNGX0MwMTAwMUZCV1k0RktGQTEeMBwGCSqGSIb3
DQEJARYPaW5mb0Bzb3Bob3MuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEAq+sNoyzUI0qqy4xPXDj662V+yDlEvrwf0KeN7AzfUyYyUDRPSr6YvD97
Hx9nYz+29W0SJxSV2EMVFEVNvmW3TT9dvAU9Bpfx5EXbgIfv2I5eKfHc4aNZWILZ
R82v/MhMrbPlLw2hGuKyMfMaP7tOBS1rr2R/zbk+C4SXQcEx7WdlfdaYB1t6MBiD
1iq55NiZda+ekQwP2zqG6ueUQHOu15h6TmUxUh6dYgI2XRz2PFCeNJE4P1PRXkM1
nANL/NKsiPmTXJf1CQmS7JiRHdmAVA67RhqeeD2ftxvxK+9aTw/dlEdWqPtrPQ52
R8GLS/KNJhM2P5f56eaIneW++GR0QQIDAQABoEUwGgYJKoZIhvcNAQkCMQ0MC1Nv
cGhvcyBMdGQuMCcGCSqGSIb3DQEJDjEaMBgwCQYDVR0TBAIwADALBgNVHQ8EBAMC
BeAwDQYJKoZIhvcNAQELBQADggEBAG40kKEkA1L5OLpaT60XK+rhj0oTFu13yU7g
P3bymCVrn//lUMY/M6Bx/W6KYb24IEsOAEGISNARJfN8xOxByChoS3AsFReZ6Vck
o+05arHwjiAlg8GLhxCvDvkxqzLWQYqT4EKi9dfpunhyCcgWywynOforIzYcMQFA
buKmqSytP727Ef5xMXqLeeaZPXs54IfN0c6xtBZ3sJxrUh3y3bRdbXEALo94rGHU
fgMDga9y37DbrMSzOwcPBdsQ5wY9plGSQaTft3fIOTAy3rxFR52aPNDHANhI0wdx
bCdwV1X/k82+D+Qri9vuBgOAkus3GMU3mY/I0EJ1FfCr6MMe9Bg=
-----END CERTIFICATE REQUEST-----
"}
INFO Mar 04 16:49:37Z [4148328192]: certificate_signing_request() : response : {"errorCode":"ITSERVICELAYER_DEVICE_NOTFOUND_ERROR"

ERROR Mar 04 16:49:37Z [4148328192]: Certificate signing Failed : Device not found...:(
ERROR Mar 04 16:49:37Z [4148328192]: certificate signing request() : parsing failed...
INFO Mar 04 16:49:39Z [4147713792]: --requestType = 8
INFO Mar 04 16:49:39Z [4147713792]: --serial = C01001FBWY4FKFA
INFO Mar 04 16:49:39Z [4147713792]: --fwversion = 19.0.2.472
INFO Mar 04 16:49:39Z [4147713792]: --cert = /content/licensing/lic_csr.pem
INFO Mar 04 16:49:39Z [4147713792]: --key = /content/licensing/lic_csr.key
INFO Mar 04 16:49:39Z [4147713792]: --token = Token-Id:C01001FBWY4FKFA
INFO Mar 04 16:49:39Z [4147713792]: URL : eu-prod-utm.soa.sophos.com/.../appliance
INFO Mar 04 16:49:39Z [4147713792]: licensing_do_applianceupdate : request : { "serialNumber": "C01001FBWY4FKFA", "applianceAttrib
ERROR Mar 04 16:49:40Z [4147713792]: curl_easy_perform(58) failed: Problem with the local SSL certificate
ERROR Mar 04 16:49:40Z [4147713792]: licensing_do_applianceupdate() : Problem in contacting Server

Also my license directory is empty:

SFVH_SO01_SFOS 19.5.1 MR-1-Build278# ls -lah /content/licensing/
drwxr-xr-x 2 root 0 1.0K Mar 5 21:00 .
drwxr-xr-x 28 root 0 1.0K Mar 5 17:32 ..
SFVH_SO01_SFOS 19.5.1 MR-1-Build278#

Hey Dan Norman ,

check the device-ID with the command in console> system diagnostics show version-info

raise a query with customer care and see if the device it with the licensing team matches with the device-ID on your appliance ?

The Device ID matches from the following two commands:

- console> system diagnostics show version-info
- # opcode getpublickey -ds nosync

What is the link for customer care?

Hi Dan,

You may reach customer care via the following Link https://soph.so/SophosCustomerCare

Select the nearest region on the Critical Cases to determine the contact information.

Hi Dan,

You may reach customer care via the following Link https://soph.so/SophosCustomerCare

Select the nearest region on the Critical Cases to determine the contact information.