Cisco Bug: CSCvt37227 - Changing of PKI device certificate lifetime does not work in APIC-EM 1.6.4

Last Modified

Apr 29, 2020

Products (1)

  • Cisco DNA Center

Known Affected Releases

2.100

Description (partial)

Symptom:
Changing a PKI device certificate's lifetime does not work in APIC-EM 1.6.4. As explained in the APIC-EM PKI certificate document (PKI Certificate Management):

The device certificate lifetime was changed to 1095 (3 years), where the CA root certificate management lifetime is 1895 (5 years).

The documentation clearly states that the lifetime of a device certificate must not be increased beyond the CA root lifetime.

After the settings were applied and a new branch site was provisioned via the IWAN app, the device certificate still shows a lifetime of 1 year, which is the default value.

Conditions:
Same as the Symptom above.