Cisco Bug: CSCsc45595 - PKI: import fails due to very long validity period beyond 2038

Last Modified

Apr 28, 2019

Products (1)

  • Cisco ASA 5500-X Series Firewalls

Known Affected Releases


Description (partial)


Importing a certificate fails with the following error:

pix(config)# cry ca authenticate delme
Enter the base 64 encoded CA certificate.
End with a blank line or the word "quit" on a line by itself

INFO: Certificate has the following attributes:
Fingerprint: be111943 83b80ac7 76c889fd 7a3b1173
Do you accept this certificate? [yes/no]: yes
% Error in saving certificate: status = FAIL

Executing the command with "debug crypto ca 255" will show
the following additional messages:

CRYPTO_PKI: can not set ca cert object (0x703)
RYPTO_PKI: status = 65535: failed to process RA certificate


This problem is caused by a certificate expiration date
beyond the year 2038.
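
A pre-import check for this condition, as an added example (not Cisco code and not part of the original bug record). It reads notAfter straight from the certificate's DER encoding and compares it with the last instant a signed 32-bit time_t can hold; that this limit is what the device trips over is an assumption, since the record only says "beyond the year 2038". The function names and the unsigned sample certificate are constructed for illustration.

```python
import base64
from datetime import datetime, timezone

# Last instant a signed 32-bit time_t can represent (assumed cause, see lead-in).
TIME_T_MAX = datetime(2038, 1, 19, 3, 14, 7, tzinfo=timezone.utc)

def _tlv(buf, pos):
    """Read one DER element at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length: low 7 bits give the byte count
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def _time(tag, raw):
    """Decode UTCTime (0x17) or GeneralizedTime (0x18) as UTC."""
    text = raw.decode("ascii")
    if tag == 0x17:  # two-digit year; RFC 5280 maps 50-99 to 19xx
        text = ("19" if int(text[:2]) >= 50 else "20") + text
    elif tag != 0x18:
        raise ValueError(f"unexpected time tag 0x{tag:02x}")
    return datetime.strptime(text, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)

def not_after(cert):
    """Return notAfter of an X.509 certificate given as PEM text or DER bytes."""
    if isinstance(cert, str):
        rows = [r.strip() for r in cert.splitlines() if not r.startswith("-----")]
        cert = base64.b64decode("".join(rows))
    _, pos, _ = _tlv(cert, 0)            # Certificate SEQUENCE
    _, pos, _ = _tlv(cert, pos)          # TBSCertificate SEQUENCE
    tag, _, end = _tlv(cert, pos)
    if tag == 0xA0:                      # optional [0] version
        pos = end
    for _ in range(3):                   # serialNumber, signature, issuer
        _, _, pos = _tlv(cert, pos)
    _, pos, _ = _tlv(cert, pos)          # Validity SEQUENCE
    _, _, pos = _tlv(cert, pos)          # skip notBefore
    tag, start, end = _tlv(cert, pos)    # notAfter
    return _time(tag, cert[start:end])

def exceeds_2038(cert):
    return not_after(cert) > TIME_T_MAX  # True: expect the import to fail

def sample_cert(end_tag, end_text):
    """Constructed, unsigned certificate skeleton (test data, not a real cert)."""
    d = lambda tag, body: bytes([tag, len(body)]) + body
    validity = d(0x30, d(0x17, b"050101000000Z") + d(end_tag, end_text))
    tbs = d(0xA0, d(0x02, b"\x02")) + d(0x02, b"\x01") + d(0x30, b"") * 2 + validity
    return d(0x30, d(0x30, tbs))
```

Pass the same base64 text that would be pasted at the "crypto ca authenticate" prompt; a True result from exceeds_2038 means the certificate matches the condition described here.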