Cisco Bug: CSCta75709 - Unexpected router certificate lifetime after CA auto-rollover
Feb 20, 2018
- Cisco IOS
Known Affected Releases
Symptom: In the context of a PKI with IOS-CA, configured to do auto-rollover, the first certificate issued by the new CA certificate has a lifetime inferior to the one configured on the IOS-CA. This can be seen by looking at the time separating the start date and end date of the certificate, as displayed with the command <CmdBold>show crypto pki certificate<noCmdBold> Conditions: This is seen for the certificate that is retrieved by the router at the same time as it is getting the new CA certificate. Subsequent certificate lifetime is conform to the configured lifetime.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases