Guest

Preview Tool

Cisco Bug: CSCvv91834 - CSM is not accepting PKI Enrollment type as "None"

Last Modified

Oct 05, 2020

Products (1)

  • Cisco Security Manager

Known Affected Releases

4.21(0.109)

Description (partial)

Symptom:
As per the current implementation, CSM is accepting the PKI with enrollment type either "Terminal" or "URL" when assigned the same tunnel-group (through SAML).  When selecting enrollment type "None" and pushing changes, we see the following errors:
"Identity Provider and Service Provider Trustpoints in SAML. Identity Provider should have enrollment Type as 'URL'"

On second push you may see:
?ERROR: Trustpoint enrollment configuration cannot be changed for an authenticated trust point.?

Conditions:
Occurs when selecting PKI Enrollment type as "None"
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.