Cisco Bug: CSCvh89828 - FMC: Certificate Parameters (Cert Enrollment object) inputs should be validated
Apr 25, 2019
- Cisco Firepower Management Center
Known Affected Releases
Symptom: When creating a Cert Enrollment object (Objects > Object Management > PKI > Cert Enrollment > Add Cert Enrollment), you can enter any characters into the fields. There is no input validation and no hint indicating which characters are supported.

If you enter a special character such as & (ampersand), it is accepted (e.g. O = Cisco & Friends). When you then go to Devices > Certificates to associate this Cert Enrollment with a device and click Add, the certificate is not installed and the following error message is displayed:

"Unable to deploy configuration on the device, please check the device connectivity"

This error message is totally misleading. If 'pigtail deploy' is run on the FTD in expert mode, the underlying error can be seen:

NGFW: 02-07 21:45:40 ccm Thread-9: ERROR com.cisco.ngfw.messages.JibxXMLUtility- Stacktrace
NGFW: 02-07 21:45:40 Error parsing document (line 15, col 97)
NGFW: 02-07 21:45:40 org.xmlpull.v1.XmlPullParserException: entity reference names can not start with character ' ' (position: TEXT seen ...ificate will be: O=Cisco & ... @15:97)

The FMC Certificate Parameters UI should give a hint and have an input validation mechanism to detect which characters are valid and which are not.

Conditions: This problem only happens when the Enrollment Type of the Cert Enrollment object is set to Manual. The ampersand (&) character is accepted if the Enrollment Type is set to Self Signed Certificate or SCEP.
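The parser error above is what an unescaped & in XML text produces. The following is an added example, not Cisco code: it assumes the field value is interpolated into an XML document, and the element names and helper functions are hypothetical. It shows the failing interpolation beside the escaped one, plus a UI-side character check of the kind the bug asks for.

```python
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

# Constructed template; element names are hypothetical, not FMC's schema.
TEMPLATE = "<enrollment>\n  <subject>O={org}</subject>\n</enrollment>"


def build_naive(org):
    """Interpolate the field verbatim, so '&' reaches the parser as markup."""
    return TEMPLATE.format(org=org)


def build_escaped(org):
    """Escape XML metacharacters (&, <, >) before interpolation."""
    return TEMPLATE.format(org=escape(org))


def parse_result(doc):
    """Return ('ok', subject text) or ('error', (line, col)) for a document."""
    try:
        root = ET.fromstring(doc)
        return "ok", root.findtext("subject")
    except ET.ParseError as exc:
        return "error", exc.position


def unsafe_chars(value):
    """Input check: characters that break unescaped XML text.

    Flags '&' and '<' (markup) and control characters that XML 1.0
    does not allow at all (everything below 0x20 except tab, LF, CR).
    """
    flagged = set()
    for ch in value:
        if ch in "&<" or (ord(ch) < 0x20 and ch not in "\t\n\r"):
            flagged.add(ch)
    return sorted(flagged)


if __name__ == "__main__":
    org = "Cisco & Friends"  # the value from the bug report
    print("naive:  ", parse_result(build_naive(org)))
    print("escaped:", parse_result(build_escaped(org)))
    print("flagged:", unsafe_chars(org))
```

Escaping at serialization time is the actual fix; the character check only gives the user an early, accurate error instead of a failed deployment.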