Cisco Bug: CSCuj74574 - Router fails to delete expired ID and CA certificates after rollover

Last Modified

Mar 12, 2020

Products (73)

  • Cisco IOS
  • Cisco 2951 Integrated Services Router
  • Cisco C897VA Integrated Services Router
  • Cisco VG204XM Analog Voice Gateway
  • Cisco 812 CiFi Integrated Services Router
  • Cisco 888W Integrated Services Router
  • Cisco 892W Integrated Services Router
  • Cisco 819 Hardened Integrated Services Router
  • Cisco 881SRSTW Integrated Services Router
  • Cisco 1905 Serial Integrated Services Router

Known Affected Releases

15.3(3)M 15.4(1.1) 15.4(1.1)T

Description (partial)

A router acting as a PKI client fails to delete its expired identity and CA certificates after it has rolled over.
As a result, the output of "show crypto pki certificate" shows that the router has two sets of certificates:

  • One set of identity and CA certificates that is current and valid.
  • Another set of identity and CA certificates that is old and expired.

Both sets of certificates are bound to the same trustpoint.

The issue is seen primarily when the client router has enrolled to an IOS CA via an IOS RA router.
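To check a device for the symptom described above, the following added example (not part of the bug record and not Cisco code) parses saved "show crypto pki certificate" output and reports expired certificates that share a trustpoint with a still-valid certificate of the same kind. The field labels are an assumption about the output layout; the sample text, the trustpoint name TP-EXAMPLE, the serial numbers and the function names are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the assumed layout of "show crypto pki certificate":
# a current identity/CA pair and an old pair left behind after rollover.
_TPL = """{kind}
  Status: Available
  Certificate Serial Number (hex): {serial}
  Validity Date:
    end   date: 09:00:00 UTC {end}
  Associated Trustpoints: TP-EXAMPLE
"""
SAMPLE = "".join(_TPL.format(kind=k, serial=s, end=e) for k, s, e in [
    ("Certificate", "05", "Jan 10 2022"),
    ("CA Certificate", "04", "Jan 10 2026"),
    ("Certificate", "03", "Jan 10 2021"),
    ("CA Certificate", "01", "Jan 12 2021"),
])

def parse_certs(text):
    """Yield (kind, serial, expiry, trustpoints) for each certificate block."""
    # A block starts at every unindented line ("Certificate", "CA Certificate").
    for block in re.split(r"^(?=\S)", text, flags=re.M):
        end = re.search(r"end\s+date:\s+(\S+) \S+ (\w{3})\s+(\d+) (\d{4})", block)
        serial = re.search(r"Serial Number[^:]*:\s*(\S+)", block)
        tps = re.search(r"Associated Trustpoints:\s*(.+)", block)
        if not (end and serial and tps):
            continue  # not a complete certificate block
        # The timezone token is skipped; times are compared as printed.
        expiry = datetime.strptime(" ".join(end.groups()), "%H:%M:%S %b %d %Y")
        yield block.splitlines()[0].strip(), serial.group(1), expiry, tps.group(1).split()

def stale_certs(text, now):
    """Expired certs whose trustpoint also holds a valid cert of the same kind."""
    groups = defaultdict(list)
    for kind, serial, expiry, tps in parse_certs(text):
        for tp in tps:
            groups[(tp, kind)].append((serial, expiry))
    return sorted(
        (tp, kind, serial)
        for (tp, kind), certs in groups.items()
        if any(exp > now for _, exp in certs)   # a rolled-over cert exists
        for serial, exp in certs if exp <= now  # and an old one was not deleted
    )

if __name__ == "__main__":
    for tp, kind, serial in stale_certs(SAMPLE, datetime(2021, 6, 1)):
        print(f"{tp}: expired {kind} serial {serial} still present")
```

A trustpoint that holds only expired certificates is deliberately not reported here, since that is a failed renewal rather than the leftover-after-rollover condition this bug describes.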

Bug details contain sensitive information and therefore require an account to be viewed.

Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.