Cisco Bug: CSCvh59932 - "utils fips_common_criteria enable" Causes Certs To Be Regenerated & System Reboot
Last Modified
Feb 13, 2018
Products (1)
- Cisco Unified Communications Manager (CallManager)
Known Affected Releases
12.0(1.10000.10)
Description (partial)
Symptom: Issuing the "utils fips_common_criteria enable" command from the CLI causes CUCM to regenerate all certs and reboot the node.

Conditions: Below is the expected output when issuing "utils fips_common_criteria enable", including the prompts to be added to the "Command Line Interface Reference Guide for Cisco Unified Communications Solutions, Release 12.0(1)", found here: https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/cli_ref/12_0_1/cucm_b_cli-reference-guide-1201/cucm_b_cucm-cli-reference-guide-1201_chapter_01001.html?bookSearch=true#reference_69C83F668C1B067FAF527F22F2E3395D

******************************************************************************************************************************
admin:utils fips_common_criteria status
Server is not in Common Criteria mode.

admin:utils fips_common_criteria enable
**************************************************************
Warning : TLS 1.0 will be disabled in Common Criteria mode.
**************************************************************
This will enable Common Criteria mode and system will reboot.
Do you want to continue? (yes/no) : yes
Common Criteria requires FIPS mode to be enabled.
Do you want to enable FIPS? (yes/no) : yes

Security Warning : The operation will regenerate certificates for
1)CallManager 3)IPsec 2)Tomcat 4)TVS 5)CAPF 6)SSH 7)ITLRecovery
Any third party CA signed certificates that have been uploaded for the above
components will need to be re-uploaded. If the system is operating in mixed mode,
then the CTL client needs to be run again to update the CTL file.
If there are other servers in the cluster, please wait and do not change
the FIPS settings on any other node until the FIPS operation on this node
is complete and the system is back up and running.
*********************************************************************************
This will change the system to FIPS mode and will reboot.
*********************************************************************************
Do you want to continue (yes/no) ? yes
Generating certificates...
Setting FIPS mode in operating system.
FIPS mode enabled.
FIPS mode enabled successfully.
********************************************************
It is highly recommended that after your system restarts,
a system backup is performed.
********************************************************
The system will reboot in a few minutes.
******************************************************************************************************************************