Cisco Bug: CSCuj74574 - Router fails to delete expired ID and CA certificates after rollover

Last Modified

Nov 27, 2020

Products (2)

  • Cisco 2600 Series Multiservice Platforms
  • Cisco 2600 Series Multiservice Platforms

Known Affected Releases

15.3(3)M 15.4(1.1) 15.4(1.1)T

Description (partial)

A router acting as a PKI client fails to delete its expired identity and CA certificates after it has rolled over.
As a result, the output of "show crypto pki certificate" shows that the router has two sets of certificates:

  • One set of identity and CA certificates that is current and valid.
  • Another set of identity and CA certificates that is old and expired.

Both sets of certificates are bound to the same trustpoint.

The issue is seen primarily when the client router has enrolled to an IOS CA via an IOS RA router.
Bug details contain sensitive information and therefore require an account to be viewed.
