On October 11th 2019, the SSL certificate for api.cisco.com has been renewed as the previous one was about to expire. As a result of this change, CSM Image Manager's certificate repository not longer validates the certificate. As a result Image Manager will not be able to download any software images from the Cisco.com files repository until the new api.cisco.com certificate is imported.
This currently affects all CSM versions.
If you CSM server is unable to communicate with api.cisco.com, the Image Manager may display the following error when trying to update the image listing:
Update failed. Last updated at...
In addition, when trying to download an image from, the list, the following error will be shown:
Failed with Exception
The certificate store entry for api.cisco.com can be updated with the new certificate by following these steps:
Navigate to Tools > Security Manager Administration > CCO Settings.
In the Certificates section, remove the api.cisco.com certificate by selecting it from the table and click on Remove.
Retrieve certificate by selecting Other, entering "https://api.cisco.com" in the text box and clicking on "Retrieve certificate".
On next pop-up screen clink on "Accept"
Launch Image Manager and click on check for updates button on the right hand top corner:
After making these changes, Images should be downloaded without issue, and the Image list should update as expected.
Note: This will also affect GeoIP and IPS signature downloads.
CSCvh91118 implies (but doesn't explicitly state) that from ISE 2.4 patch 6, you can permanently enable the Disclose invalid usernames option. The pop-up help has also removed references about this option being limited to 30 minutes. This option...
Hello, Can you please help me understand the difference between the commands:clear crypto sa&clear crypto session I understand that clear crypto sa will clear all SA's (phase 1 and phase 2) for a specific peer if you choose. I am understandi...
I am trying to set up site to site IKEV2 tunnel between ISR 4351 and ASA. When I do debug crypto ikev2 protocol 255, I can see there is a problem:"IKEv2-PROTO-2: (1629): Error in retrieving config mode data to send".Here are the full debug logs from ...
we have a connection from LAN port to IP phone (Yealink) then to a dell docking station for wired. we have a user using dell docking station, but when he undock to wireless access to meeting, back to desk plug backto the docking, network connection i...
Hi Guys, We have one pulblic ip address and two web server located in DMZ zone. We want to configure load balancing or load sharing for server availability. Kindly suggest how can we configure load balancing for web servers on ASA 9.6 without a...