Preview Tool

Cisco Bug: CSCuo29299 - ISR CRL retrieval works with http not allowed on COPP management int

Last Modified

Nov 27, 2020

Products (89)

  • Cisco 2600 Series Multiservice Platforms
  • Cisco 886VAG 3G Integrated Services Router
  • Cisco 888W Integrated Services Router
  • Cisco 819 Hardened Integrated Services Router
  • Cisco 886VA-CUBE Integrated Services Router
  • Cisco 1905 Serial Integrated Services Router
  • Cisco VG204XM Analog Voice Gateway
  • Cisco 861W Integrated Services Router
  • Cisco C892FSP Integrated Services Router
  • Cisco 812 CiFi Integrated Services Router
View all products in Bug Search Tool Login Required

Known Affected Releases

15.2(4)M 15.4(1)T1

Description (partial)

Even though COPP does not allow HTTP, CRL retrieval works fine on ISRs. 
On ASRs however, this feature works as expected.

ISR with COPP configured to block certain management-access protocols including HTTP:

control-plane host
  management-interface gig0/0 allow tftp

This box also acts as a PKI client, where it has to download CRL using HTTP [while validating certificates] sourced from this management-interface
Bug details contain sensitive information and therefore require a account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.