Guest

Preview Tool

Cisco Bug: CSCvu36545 - Certificate installation fails on CMX due to expired CRL

Last Modified

Jul 15, 2020

Products (1)

  • Cisco Mobility Services Engine

Known Affected Releases

10.6(2.89)

Description (partial)

Symptom:
ERROR: CMX Certificate validation against CRL FAILED.
/opt/cmx/srv/certs/crl/server_temp.pem: DC = local, DC = fll-airport, CN = fll-airport-FLLCA01-CA error 12 at 0 depth lookup:CRL has expired OK
ERROR: Validation is unsuccessful (err code = 4)

If CRLs are expired, CMX will detect this and although it shows an "OK" message, both these things mean that even though CRL has expired, the openssl considers this certificate validation as success (it ignores the expired CRL).
But CMX code treats this as error (as it sees the output ?CRL has expired?) and hence it marks the validation as unsuccessful.

Conditions:
None at this time.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.