
Node certificate invalid - all switches inactive

Hi community,


I have at least one major issue, perhaps even two.

We have a small demo-lab, one APIC, two leaf switches, one spine. A critical fault (F3031) is raised with a description of "Node Certificate is invalid: Failed to parse the subject line as a valid ACI fabric certificate AND Invalid Serial Number AND Invalid Product ID". The fault is raised for the APIC.

For a time everything went fine, though. We had this fault but nothing really happened. Now I reset the fabric to factory defaults and started building it up from scratch. All nodes are discovered successfully; however, they turn to an "inactive" state right after discovery. I have seen this happen in other environments for a short period, maybe up to a couple of minutes, but in this case it's been hours now since the devices were discovered. I have a hunch this issue might be related to the invalid certificate.

Am I on the right track or are those problems not related? What can I do to get back a valid certificate?


Thank you and kind regards,


Cisco Employee

Re: Node certificate invalid - all switches inactive

In 4.2 we introduced a new CLI command, "show discoveryissues", which can be run on the leaf CLI.

The CLI basically runs a script in the backend and performs multiple checks; the certificate check is one of them.


If an invalid certificate is the issue, please open a TAC case.





Re: Node certificate invalid - all switches inactive

Thank you Gaurav,

Unfortunately the switches are still running 3.2(7f), so the command is not available.

I think I'll go with the TAC case. I'll update the discussion when we have a solution.
