Cisco Bug: CSCvt64068 - Two switch declare the same Node-ID caused the pkiFabricNodeSSLCertificate invalid

Last Modified

Jul 25, 2020

Products (1)

  • Cisco Application Policy Infrastructure Controller (APIC)

Known Affected Releases

4.0(1h)

Description (partial)

Symptom:
Node certificate is correct, but APIC declares pkiFabricNodeSSLCertificate of the node as invalid:
pkiFabricNodeSSLCertificate
...
issuer : /O=Cisco Systems/CN=Cisco Manufacturing CA
keySize : 1024
lcOwn : local
message : Local AND Invalid Serial Number
...
serialNumber : <Node_SN>
signatureAlgorithm : sha1WithRSAEncryption
subject : /serialNumber=PID:N9K-C9364C SN:<Node_SN>/CN=<Node_SN>
validCertificate : no

Conditions:
During maintenance (moving nodes between PODs), the customer had two switches connected in the fabric with the same node-ID. This triggered certificate invalidation.