Guest

Preview Tool

Cisco Bug: CSCvu47480 - Cisco DNA Center should not push revocation check in the trustpoint if it is not used

Last Modified

Sep 10, 2020

Products (1)

  • Cisco DNA Center

Known Affected Releases

DNAC1.3.3.4

Description (partial)

Symptom:
With default trustpoint pushed by Cisco DNA Center:
crypto pki trustpoint DNAC-CA
enrollment mode ra
 enrollment terminal
 usage ssl-client
 revocation-check crl none

messages can be seen on the device:

May 26 2020 14:07:09.999 UTC: %PKI-3-CRL_FETCH_FAIL: CRL fetch for trustpoint DNAC-CA failed
                      Reason : Enrollment URL not configured.

Conditions:
This was observed in an installation where Cisco DNA Center is used for device management;  however, a certificate revocation list (CRL) is not used.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.