Guest

Preview Tool

Cisco Bug: CSCul97893 - PKI HA:Standby requests confirmation when CA server is deleted on Active

Last Modified

Oct 14, 2019

Products (9)

  • Cisco IOS
  • Cisco 7301 Router
  • Cisco 7206 Router
  • Cisco 7204 Router
  • Cisco 7206VXR Router
  • Cisco 7202 Router
  • Cisco 7200 Series NPE-G2 Network Processing Engine
  • Cisco 7204VXR Router
  • Cisco 7201 Router

Known Affected Releases

15.2(4)M

Description (partial)

Symptom:
In an IOS PKI HA setup, when the CA server is deleted on the Active router, the Standby router also prompts for confirmation, if logged in through Console. The following prompt is observed:

% CA certificate, Keypair, CRL and database files will be deleted. Do you wish to continue? [yes/no]:

Ideally, this should be seen on the Active router only.

If the administrator is logged in through SSH or TELNET, the prompt is not seen and the CA server is not deleted on the Standby router.

Conditions:
Two routers in HSRP (running 15.4(1)T or higher)configured as CA servers in redundancy as described in

http://www.cisco.com/en/US/customer/prod/collateral/iosswrel/ps6537/ps6586/ps6638/ps6664/configuration_guide__c07_621400.html

and the CA server is deleted on the Active router.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.