Preview Tool

Cisco Bug: CSCsz29041 - ASA: If CA cert import fails will delete id cert under same trustpoint

Last Modified

Nov 08, 2016

Products (1)

  • Cisco ASA 5500-X Series Firewalls

Known Affected Releases

8.0(4) 8.0(4.28)

Description (partial)


On a PIX/ASA, if  a identity certificate already exists, 
and then  if a CA certificate import fails for the same trustpoint, 
then the security appliance  deletes the identity certificate from the 

'show crypto ca certificate <trustpoint>" will not show the identity

This could happen in cases where the CA certificate is 
invalid  or nothing is copied and pasted and 'quit' is used. 

This could cause the identity cert to be no longer available. 

The id certificate should not be deleted in this case. 


When a CA certificate is imported after the identity certificate
is imported and the CA certificate is invalid or no CA cert is copied and
paste after 'crypto ca authenticiate <trustpoint>' command is used.
Bug details contain sensitive information and therefore require a account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.