Guest

Preview Tool

Cisco Bug: CSCul97893 - PKI HA:Standby requests confirmation when CA server is deleted on Active

Last Modified

Nov 27, 2020

Products (2)

  • Cisco 2600 Series Multiservice Platforms
  • Cisco 2600 Series Multiservice Platforms

Known Affected Releases

15.2(4)M

Description (partial)

Symptom:
In an IOS PKI HA setup, when the CA server is deleted on the Active router, the Standby router also prompts for confirmation, if logged in through Console. The following prompt is observed:

% CA certificate, Keypair, CRL and database files will be deleted. Do you wish to continue? [yes/no]:

Ideally, this should be seen on the Active router only.

If the administrator is logged in through SSH or TELNET, the prompt is not seen and the CA server is not deleted on the Standby router.

Conditions:
Two routers in HSRP (running 15.4(1)T or higher)configured as CA servers in redundancy as described in

http://www.cisco.com/en/US/customer/prod/collateral/iosswrel/ps6537/ps6586/ps6638/ps6664/configuration_guide__c07_621400.html

and the CA server is deleted on the Active router.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.