THIS FIELD NOTICE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTY OF MERCHANTABILITY. YOUR USE OF THE INFORMATION ON THE FIELD NOTICE OR MATERIALS LINKED FROM THE FIELD NOTICE IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS FIELD NOTICE AT ANY TIME.
|Affected OS Type
|Affected Release Number
1.6, 1.5, 1.4
|PKI broker not working in APIC-EM after July 13, 2018
The APIC-EM Public Key Infrastructure (PKI) broker fails in affected software versions. As a result, the APIC-EM instance becomes unable to provision trustpoints. APIC-EM instances with this problem are not able to generate new device Secure Sockets Layer (SSL) certificates or use the APIC-EM Intelligent WAN (IWAN) application to deploy new hub/branch sites.
The APIC-EM SSL certificate used by the jboss-ejbca service expired on July 13, 2018. This expiration caused most PKI broker operations to fail. The SSL certificate is embedded in the product.
Operations to create new trustpoints fail with this error:
HTTP error code 500 (internal server error)
A fix for this problem will be available in APIC-EM Release 1.6.3. Alternatively, a qualified Cisco engineer can apply a manual patch to affected systems. Contact the Technical Assistance Center (TAC) for assistance with the manual patch.
For More Information
If you require further assistance, or if you have any further questions regarding this field notice, please contact the Cisco Systems Technical Assistance Center (TAC) by one of the following methods:
Receive Email Notification For New Field Notices
Cisco Notification Service—Set up a profile to receive email updates about reliability, safety, network security, and end-of-sale issues for the Cisco products you specify.