Cisco Bug: CSCun66354 - https certificate replacement fails

Last Modified

Jun 09, 2016

Products (1)

  • Cisco Identity Services Engine

Known Affected Releases

1.3(121.102)

Description (partial)

Symptom:
1) A new HTTPS certificate does not replace the default self-signed HTTPS certificate when imported through the REST interface.
2) After manually marking the newly imported certificate as the HTTPS certificate through the ISE UI, no reboot was prompted.
3) After a manual reboot of ISE, ISE still passes the default certificate as the HTTPS certificate to the ASA, even though the UI shows that the new certificate has the HTTPS role.
4) After manually assigning the HTTPS role to the new certificate and manually removing the default self-signed HTTPS certificate with an empty role (in the UI), all certificates disappeared from the Local Cert store.
5) After step 4, when all certificates are imported using the REST interface, off-prem enrollment fails because the default HTTPS certificate is still passed to the ASA as the HTTPS certificate.

Conditions:
The default self-signed HTTPS certificate is present by default.
ISE/MDM build#: 1.3.101.290, 296