Cisco Bug: CSCta75709 - Unexpected router certificate lifetime after CA auto-rollover

Last Modified

Feb 20, 2018

Products (1)

  • Cisco IOS

Known Affected Releases

12.4(15)T9

Description (partial)

Symptom:
In a PKI with an IOS-CA configured to do auto-rollover, the first certificate issued by the new CA certificate has a lifetime shorter than the one configured on the IOS-CA.

This can be seen by looking at the time separating the start date and end date of the certificate, as displayed with the command
show crypto pki certificate

Conditions:
This is seen for the certificate that the router retrieves at the same time as it gets the new CA certificate.

The lifetime of subsequent certificates conforms to the configured lifetime.
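
The check described under Symptom, as an added example that is not part of the Cisco bug page: it parses the validity dates from show crypto pki certificate output and flags router certificates whose lifetime is below the configured one. The sample output is constructed, and the 365-day configured lifetime and the one-day tolerance are assumptions.

```python
import re
from datetime import datetime

# Constructed sample output (not captured from a real device), trimmed to the
# fields the check needs.
SAMPLE_OUTPUT = """\
Certificate
  Certificate Serial Number: 0x05
  Validity Date:
    start date: 09:00:00 UTC Jun 1 2009
    end   date: 09:00:00 UTC Aug 15 2009
CA Certificate
  Certificate Serial Number: 0x04
  Validity Date:
    start date: 09:00:00 UTC Jun 1 2009
    end   date: 09:00:00 UTC Jun 1 2012
"""

DATE_RE = re.compile(
    r"^\s+(start|end)\s+date:\s+(\d\d:\d\d:\d\d)\s+\S+\s+(\w{3}\s+\d+\s+\d{4})\s*$")

def parse_lifetimes(output):
    """Return [(block_title, serial, lifetime_in_days)] for each certificate block."""
    certs, cur = [], None
    for line in output.splitlines():
        if line and not line[0].isspace():      # an unindented line opens a block
            cur = {"title": line.strip(), "serial": None}
            certs.append(cur)
        elif cur is not None and "Serial Number:" in line:
            cur["serial"] = line.split(":", 1)[1].strip()
        elif cur is not None and (m := DATE_RE.match(line)):
            # The time zone label is dropped; both dates are assumed to share it.
            cur[m.group(1)] = datetime.strptime(
                f"{m.group(2)} {m.group(3)}", "%H:%M:%S %b %d %Y")
    return [(c["title"], c["serial"], (c["end"] - c["start"]).total_seconds() / 86400)
            for c in certs if "start" in c and "end" in c]

def short_lived(output, configured_days, tolerance_days=1.0):
    """Router (non-CA) certificates whose lifetime is below the configured value."""
    return [(serial, days) for title, serial, days in parse_lifetimes(output)
            if not title.startswith("CA ") and days < configured_days - tolerance_days]

if __name__ == "__main__":
    # configured_days=365 is an assumed value for the lifetime set on the IOS-CA.
    for serial, days in short_lived(SAMPLE_OUTPUT, configured_days=365):
        print(f"serial {serial}: lifetime {days:.1f} days, configured 365")
```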