Cisco Bug: CSCvu47480 - Cisco DNA Center should not push revocation check in the trustpoint if it is not used
Sep 10, 2020
- Cisco DNA Center
Known Affected Releases
Symptom: With default trustpoint pushed by Cisco DNA Center: crypto pki trustpoint DNAC-CA enrollment mode ra enrollment terminal usage ssl-client revocation-check crl none messages can be seen on the device: May 26 2020 14:07:09.999 UTC: %PKI-3-CRL_FETCH_FAIL: CRL fetch for trustpoint DNAC-CA failed Reason : Enrollment URL not configured. Conditions: This was observed in an installation where Cisco DNA Center is used for device management; however, a certificate revocation list (CRL) is not used.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases