Cisco Bug: CSCvu36545 - Certificate installation fails on CMX due to expired CRL
Jul 15, 2020
- Cisco Mobility Services Engine
Known Affected Releases
Symptom: ERROR: CMX Certificate validation against CRL FAILED. /opt/cmx/srv/certs/crl/server_temp.pem: DC = local, DC = fll-airport, CN = fll-airport-FLLCA01-CA error 12 at 0 depth lookup:CRL has expired OK ERROR: Validation is unsuccessful (err code = 4) If CRLs are expired, CMX will detect this and although it shows an "OK" message, both these things mean that even though CRL has expired, the openssl considers this certificate validation as success (it ignores the expired CRL). But CMX code treats this as error (as it sees the output ?CRL has expired?) and hence it marks the validation as unsuccessful. Conditions: None at this time.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases