Cisco Bug: CSCuw33918 - ASA PKI ECDSA Pending terminal enrollment even though cert enrolled
Nov 28, 2018
- Cisco ASA 5500-X Series Firewalls
Known Affected Releases
Symptom: After importing the signed identity certificate, "show crypto ca certificates" shows the new certificate, but an entry with the state "Status: Pending terminal enrollment" is still present:

    show crypto ca certificates
    Certificate
      Status: Available
      Certificate Serial Number: 04
      Certificate Usage: Signature
      Public Key Type: ECDSA (384 bits)
      Signature Algorithm: SHA384 with ECDSA Encryption
      Issuer Name:
        cn=SUB-ECDSA-384
        dc=lab
        dc=local
      Subject Name:
        cn=ASA
        dc=lab
        dc=local
      Validity Date:
        start date: 14:13:00 CEST Sep 21 2015
        end date: 14:13:00 CEST Sep 21 2016
      Associated Trustpoints: ASA-ecdsa
    ...
    Certificate
      Subject Name:
        Name: ASA.lab.local
      Status: Pending terminal enrollment
      Key Usage: General Purpose
      Fingerprint: 38cfe9e2 cc1c8948 95428e3f 78044b8f
      Associated Trustpoint: ASA-ecdsa

Only a reload removes the state. This is a cosmetic defect.

Conditions:
- RSA key RootCA
- ECDSA key SubCA
- ECDSA key identity

The identity certificate and SubCA certificates are in one trustpoint. E.g.:
1. Root CA trustpoint is created and authenticated.
2. Identity trustpoint is created and authenticated.
3. Identity certificate is enrolled.
4. Signed identity certificate is imported.
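Added example (not part of the Cisco bug record): a check that separates the cosmetic leftover described above from an enrollment that is really still waiting for its certificate, by looking for an Available identity certificate on the same trustpoint. The function names, the VPN-rsa trustpoint and the assumption that each entry starts with a "Certificate" or "CA Certificate" line at column 0 are illustrative.

```python
import re

# Constructed sample, modelled on the output quoted in this bug report.
SAMPLE = """\
CA Certificate
  Status: Available
  Associated Trustpoints: VPN-rsa
Certificate
  Status: Available
  Certificate Serial Number: 04
  Associated Trustpoints: ASA-ecdsa
Certificate
  Subject Name:
    Name: ASA.lab.local
  Status: Pending terminal enrollment
  Associated Trustpoint: ASA-ecdsa
Certificate
  Subject Name:
    Name: VPN.lab.local
  Status: Pending terminal enrollment
  Associated Trustpoint: VPN-rsa
"""

FIELD = re.compile(r"^\s+(Status|Associated Trustpoints?):\s*(.+?)\s*$")

def parse_entries(text):
    """Return one dict per certificate entry: is_ca, status, trustpoints."""
    entries = []
    for line in text.splitlines():
        header = re.match(r"^(CA )?Certificate\s*$", line)
        if header:
            entries.append({"is_ca": bool(header.group(1)), "status": "", "trustpoints": []})
        elif entries and (m := FIELD.match(line)):
            if m.group(1) == "Status":
                entries[-1]["status"] = m.group(2)
            else:
                entries[-1]["trustpoints"] = m.group(2).split()
    return entries

def classify_pending(text):
    """Map each trustpoint with a pending entry to 'stale' or 'pending'."""
    entries = parse_entries(text)
    # Only an Available identity certificate proves enrollment completed;
    # an Available CA certificate just means the trustpoint was authenticated.
    enrolled = {tp for e in entries if not e["is_ca"] and e["status"] == "Available"
                for tp in e["trustpoints"]}
    return {tp: "stale" if tp in enrolled else "pending"
            for e in entries if e["status"].startswith("Pending")
            for tp in e["trustpoints"]}

if __name__ == "__main__":
    print(classify_pending(SAMPLE))
```

A "stale" result matches the symptom in this record; a "pending" result means no identity certificate has been imported for that trustpoint yet.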