cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

CSM Image Manager unable to download images from CCO due to certificate change for api.cisco.com

701
Views
5
Helpful
0
Comments

Symptoms

On October 11th 2019, the SSL certificate for api.cisco.com has been renewed as the previous one was about to expire. As a result of this change, CSM Image Manager's certificate repository not longer validates the certificate. As a result Image Manager will not be able to download any software images from the Cisco.com files repository until the new api.cisco.com certificate is imported.

This currently affects all CSM versions.

Diagnosis

If you CSM server is unable to communicate with api.cisco.com, the Image Manager may display the following error when trying to update the image listing:

Update failed. Last updated at...

Screen Shot 2019-10-15 at 10.06.28 AM.png

 

In addition, when trying to download an image from, the list, the following error will be shown:

Failed with Exception

Screen Shot 2019-10-15 at 10.07.02 AM.png

Solution

The certificate store entry for api.cisco.com can be updated with the new certificate by following these steps:

  1. Navigate to Tools > Security Manager Administration > CCO Settings.

  2. In the Certificates section, remove the api.cisco.com certificate by selecting it from the table and click on Remove.

    Screen Shot 2019-10-15 at 9.43.04 AM.png

  3. Retrieve certificate by selecting Other, entering "https://api.cisco.com" in the text box and clicking on "Retrieve certificate".

    Screen Shot 2019-10-15 at 9.47.41 AM.png

  4. On next pop-up screen clink on "Accept"

    Screen Shot 2019-10-15 at 9.47.50 AM.png

  5. Launch Image Manager and click on check for updates button Screen Shot 2019-10-15 at 9.51.55 AM.pngon the right hand top corner:

    Screen Shot 2019-10-15 at 9.58.07 AM.png

After making these changes, Images should be downloaded without issue, and the Image list should update as expected.

Examples:

Screen Shot 2019-10-15 at 9.56.09 AM.png

Screen Shot 2019-10-15 at 10.16.19 AM.png

Note: This will also affect GeoIP and IPS signature downloads.

 

More Information

Consult the CSM configuration guide for more information about certificate handling within CSM. https://www.cisco.com/c/en/us/td/docs/security/security_management/cisco_security_manager/security_manager/414/user/guide/CSMUserGuide/syspage.html#31587