Guest

Preview Tool

Cisco Bug: CSCvv32123 - ESA: CLI websecurity 'System provided certificate' option blocks certificate updates

Last Modified

Aug 18, 2020

Products (1)

  • Cisco Email Security Appliance

Known Affected Releases

13.0.0-392

Description (partial)

Symptom:
The CLI WEBSECURITYCONFIG  option for certificate set to 'System provided certificate'  blocks cloud certificate updates. 

Note the "Certificate 'System provided certificate' used." and "System provided certificate used." options under the command are not equal. 
The first will use a builtin certificate and will block cloud certificate updates while the second will allow the cloud to update the client certificate.

Conditions:
You have configured:

> websecurityconfig

URL Filtering is enabled.
No URL list used.
Certificate 'System provided certificate' used.
Web Interaction Tracking is enabled.

And having connectivity issue with SDS cloud and you find in your mail_logs (DEBUG level) the following entries 
Debug: SDS_CLIENT: -XXX days to SDS cert expiry
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.