I am trying to load a configuration on my WSA appliance and I am receiving this error:
Error - Configuration File was not loaded. Parse Error on element "wga_config" line number 1090 column 15: Error in certificate validation: Signing key has expired.
I have loaded configs and the past and had No problems, can someone tell me what this msg means?
The error advised that the signing certificate in the appliance has been expired.
You can check the expiry date of the certificate from your HTTPS proxy page (GUI -> Security Services -> HTTPS proxy)
Thanks for your response
basically i am trying to restore the config from c160 to c170 box and stuck in WSA_config
What needs to done to bypass this error , the mentioned option is disabled ( https-proxy) in c160 config
Can you confirm the appliance is WSA or ESA since C160/C170 is Email security appliance not WSA.
Are you able to share the configuration file for me have a look.
Alternatively open TAC case for them to investigate which cert that showing as expired from the config file.
I think you are referring to S160 model for WSA since anything that has C in front of it is dedicated for Email Security Appliance (ESA) not WSA.
would suggest open a TAC case for the engineer to check which cert in the config file that showing as expired
You can also search the cert from the config file:
- Open the config file using XML editor
- Search for any cert keywords such as: generated_cert or secure_auth_cert or uploaded_cert
- copy the cert and use SSLshopper to help you decode the cert to see if its still valid:
- If its showing expired, you can replaced it or delete it if the certs are generated cert or uploaded cert or you can use the cert that you have from the replacement unit and paste it to the same section of the configuration file that you need to loads.
However still recommend to contact TAC for further assistance
thanks for your kind support , indeed cert expired
i may need to raise tac now
If you are confident, you can perform below:
- save the configuration file from the S170
- Go to the same section for that certificate from the S170 configuration file and check if the cert is valid.
- If its valid you can copy them (you will need to copy from the cert_name, the cert it self and the key)
- Then paste them(in the exact section in the config file) to the existing configuration file that you want to upload
If not you can always open TAC case to get assistance
That is strange.
You will need TAC case for them to use their internal WSA appliances that are still valid and edited your configuration file.
I got the same problem and opened a TAC case.
The engineer told me to delete everything between those tags:
Loading the config into the appliance worked just fine.