Cisco Bug: CSCuw48929 - ENH: ASA cert validation failure debug messages need to be improved

Last Modified

Aug 15, 2018

Products (1)

  • Cisco ASA 5500-X Series Firewalls

Known Affected Releases

9.6(1)

Description (partial)

Symptom:
When peer/client certificate validation fails, the crypto ca debugs, when enabled, usually print an error message that points to the revocation check and gives only a status number, such as:
CRYPTO_PKI: Certificate validation: Failed, status: 1823
CRYPTO_PKI: PKI Verify Certificate Check Cert Revocation unknown error 1823

This enhancement request will address this and print an accurate error message along with a status message, instead of a number.

Conditions:
ASA configured to authenticate VPN peers' certificates, for example