Cisco Bug: CSCvi89947 - PKI service still points to old DNAC cert even after upgrading to 1.1.4

Last Modified

Jun 01, 2018

Products (1)

  • Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM)

Known Affected Releases

DNAC1.1.4

Description (partial)

Symptom:
The pnplabel certificate on the switch should match the certificate downloaded from DNAC during the TLS handshake. This is necessary for the PNP process on the switch to talk to DNAC; otherwise PNP will stop and LAN automation will fail.

Conditions:
- When the certificate on the device differs from the certificate downloaded from DNAC during the TLS handshake (part of the PNP process on the switch/device).
- When either new nodes have joined the DNAC cluster or a maglev-config update is executed to update the IP configuration, DNAC creates a new certificate.
- However, the PKI service, which configures the certificate on the device, still points to the old DNAC certificate.
- Because of this mismatch, the PNP process cannot proceed and LAN automation times out.