Guest

Preview Tool

Cisco Bug: CSCvh73506 - CBR8 cant load the certificate from the Arris TG1652A

Last Modified

Aug 20, 2019

Products (1)

  • Cisco cBR Series Converged Broadband Routers

Known Affected Releases

15.6(1)S3.18

Description (partial)

Symptom:
1. Some modems stuck in reject(pk) state in one LC.

2. below error messages on that LC after enable "debug cable privacy ca-cert":

CLC 6/0: Jan 26 20:16:10.369: CRYPTO_PKI: converting certificate to DER failed
CLC 6/0: Jan 26 20:16:10.369:  Could not PKI_AddPeerCertificate for 28c8.7aed.2e22

3. Active PKI session reach to the max 899:

Slot-9-0#show crypto pki counters
PKI Sessions Started: 2352
PKI Sessions Ended: 1453
PKI Sessions Active: 899
Successful Validations: 1429
Failed Validations: 0
Bypassed Validations: 0
Pending Validations: 0
CRLs checked: 0
CRL - fetch attempts: 0
CRL - failed attempts: 0
CRL - rejected busy fetching: 0
AAA authorizations: 0
Slot-9-0#

Conditions:
This issue happens when some modems sends the bad certificate to cBR8.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.