Error in DNAC-Template CLI + Velocity

michael-bentley
Level 1

Hello Community,
I am pretty new to this. I try to update the certificate of a Trustpoint via CLI-Template (Velocity) for a C9300l-Switch.
Everything I try gives me an error.
Here is what I'm trying to do:

#MODE_ENABLE
##!INTERACTIVE

crypto pki authenticate trustpointname
-----BEGIN CERTIFICATE-----
content of PEM-File
-----END CERTIFICATE-----
quit

##!ENDS_INTERACTIVE
#END_MODE_ENABLE

Error message:

Message: Unable to push the invalid CLI to the device 172.X.X.X using protocol ssh2. Invalid CLI - Current output : crypto pki authenticate Trustpointname

Enter the base 64 encoded CA certificate.
End with a blank line or the word "quit" on a line by itself



I don't understand what the issue is. Can someone please help?
With kind regards

1 Accepted Solution

Preston Chilcote
Cisco Employee

Since the certificate is more than one line of text, you'll need to use the <MLTCMD> tag.

This thread talks about what that would look like for both Prime and Cat Center

https://community.cisco.com/t5/network-management/cisco-prime-infrastructure-cli-templates-for-crypto-key/td-p/3781651

6 Replies

@michael-bentley 

 If this DNAC is 2.3.5.3 check the Bug CSCwh39165

https://bst.cisco.com/quickview/bug/CSCwh39165

Description (partial)
Symptom: Applying a template to a device managed by Cisco DNA Center may fail citing the error, "Message: Unable to push the invalid CLI to the device x.x.x.x using protocol ssh2. Invalid CLI - 'interface $item'. Command Output : interface $item interface $item

Hello Flavio,

I am running Catalyst Center 2.3.7.6.

I think there is something wrong with my commands... I just can't figure out what it is.

The bug has no fixed release, which means your version can be affected. The message is quite similar to the bug.

But have you tried putting the quit at the far end?

#MODE_ENABLE
##!INTERACTIVE

crypto pki authenticate trustpointname
-----BEGIN CERTIFICATE-----
content of PEM-File
-----END CERTIFICATE-----
quit

##!ENDS_INTERACTIVE
#END_MODE_ENABLE

Ah, OK.
Yes, I already tried to put the quit at the far end.

Thank you, Preston.

I used the following syntax

<MLTCMD>

crypto pki authenticate $TRUSTPOINTNAME

------BEGIN CERTIFICATE---------

~key information deleted for brevity~

------END CERTIFICATE--------

quit
yes
</MLTCMD>
found in the thread you mentioned.
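
Added example, not part of the thread and not Cisco's code: a Python helper that builds the `<MLTCMD>` block from a PEM file in the shape the last reply shows, and rejects input that is not a single base64 certificate block, dropping blank lines because the device prompt quoted in the question ends certificate input at a blank line. The function name `build_mltcmd`, the constructed sample bytes and the reuse of the reply's trailing `yes` line are assumptions.

```python
import base64
import binascii

BEGIN = "-----BEGIN CERTIFICATE-----"
END = "-----END CERTIFICATE-----"


def build_mltcmd(pem_text, trustpoint_var="$TRUSTPOINTNAME"):
    """Return a CLI-template fragment wrapping one PEM certificate in <MLTCMD>."""
    # Normalise CRLF and drop blank lines: the device prompt says input ends
    # "with a blank line", so a stray one would cut the certificate short.
    lines = [ln.strip() for ln in pem_text.replace("\r\n", "\n").split("\n")]
    lines = [ln for ln in lines if ln]
    if len(lines) < 3 or lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("expected exactly one PEM CERTIFICATE block")
    body = lines[1:-1]
    if any(ln.startswith("-----") for ln in body):
        raise ValueError("more than one PEM block in input")
    try:
        der = base64.b64decode("".join(body), validate=True)
    except binascii.Error as exc:
        raise ValueError(f"certificate body is not valid base64: {exc}")
    # A DER certificate is an ASN.1 SEQUENCE, so its first byte is 0x30.
    if not der or der[0] != 0x30:
        raise ValueError("decoded data does not look like a DER certificate")
    # Layout follows the last reply: command, PEM, quit, yes (assumed prompt answer).
    out = ["<MLTCMD>", f"crypto pki authenticate {trustpoint_var}", BEGIN]
    out += body
    out += [END, "quit", "yes", "</MLTCMD>"]
    return "\n".join(out)


# Constructed sample: not a real certificate, only a DER-like byte string,
# written with CRLF endings and a blank line to exercise the normalisation.
_sample_der = b"\x30\x82\x00\x40" + bytes(range(64))
_b64 = base64.b64encode(_sample_der).decode()
SAMPLE_PEM = "\r\n".join([BEGIN, _b64[:64], "", _b64[64:], END, ""])

if __name__ == "__main__":
    print(build_mltcmd(SAMPLE_PEM))
```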