Cisco Bug: CSCtf24991 - RSA keys are not synchronized through failover in Multi-Context Mode

Last Modified

Jul 28, 2018

Products (1)

  • Cisco ASA 5500-X Series Firewalls

Known Affected Releases

8.2(2)

Description (partial)

Symptom:
When importing an ID (device) certificate on an active ASA in multi-context mode, the certificate fails to show up in the standby ASA's config. A message similar to the following may appear: "ERROR: Public key contained in the device certificate doesn't match the device's public key bxb2008-SAN4 configured for trustpoint bxb2008-SAN4."

It may also be observed that when the primary ASA is rebooted and comes up in standby mode, the certificate is no longer present in the running config, or that the certificate never appears on the standby ASA.

Conditions:
Multi-context mode, importing/requesting a certificate with an RSA key that was created on the ASA.