Cisco Bug: CSCsz29041 - ASA: If CA cert import fails will delete id cert under same trustpoint
Nov 08, 2016
- Cisco ASA 5500-X Series Firewalls
Known Affected Releases
Symptom: On a PIX/ASA, if an identity certificate already exists and a CA certificate import then fails for the same trustpoint, the security appliance deletes the identity certificate from the configuration. 'show crypto ca certificate <trustpoint>' will not show the identity certificate. This can happen when the CA certificate is invalid, or when nothing is copied and pasted and 'quit' is used. As a result, the identity certificate is no longer available. The identity certificate should not be deleted in this case.

Conditions: A CA certificate is imported after the identity certificate has been imported, and either the CA certificate is invalid or no CA certificate is copied and pasted after the 'crypto ca authenticate <trustpoint>' command is used.
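A check an operator could run around 'crypto ca authenticate <trustpoint>': save the certificate listing before and after, and flag any trustpoint whose identity certificate has disappeared. This is an added example, not Cisco code; the output layout it parses (unindented "Certificate" / "CA Certificate" block headers and an "Associated Trustpoints:" line) and the trustpoint names are assumptions, and the sample text is constructed.

```python
import re

# Constructed sample listings (not captured from a device). Assumed layout:
# an unindented block header, then indented fields for that certificate.
BEFORE = """\
CA Certificate
  Status: Available
  Certificate Serial Number: 01
  Associated Trustpoints: MGMT-TP

Certificate
  Status: Available
  Certificate Serial Number: 1f
  Associated Trustpoints: MGMT-TP

Certificate
  Status: Available
  Certificate Serial Number: 2a
  Associated Trustpoints: VPN-TP
"""

# Same listing after a failed CA import on VPN-TP: its identity block is gone.
AFTER = BEFORE.split("\n\n")[0] + "\n\n" + BEFORE.split("\n\n")[1] + "\n"


def identity_trustpoints(show_output):
    """Return the trustpoints that currently hold an identity certificate."""
    found, kind = set(), None
    for line in show_output.splitlines():
        if line and not line[0].isspace():
            kind = line.strip()  # "Certificate" (identity) or "CA Certificate"
            continue
        m = re.match(r"\s+Associated Trustpoints:\s*(.+)", line)
        if m and kind == "Certificate":
            found.update(m.group(1).split())
    return found


def lost_identity_certs(before, after):
    """Trustpoints that had an identity certificate before but not after."""
    return sorted(identity_trustpoints(before) - identity_trustpoints(after))


if __name__ == "__main__":
    for tp in lost_identity_certs(BEFORE, AFTER):
        print(f"identity certificate missing from trustpoint {tp}")
```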