Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
127
Views
0
Helpful
2
Replies

Onprem CSSM to MDS switch

ryancisco01
Level 1
Level 1

‎10-23-2025 09:43 PM

Hi we have an onprem cssm server, already have a dozen devices successfully connected but we cannot get our 9.2 MDS 9k added.

tried all 3 method, callhome, smart and cslu, I read that only cslu is supported so sticking with that, the config is:

 

license smart transport cslu
license smart url cslu https://cssm/cslu/v1/pi/accoutn name (this url was taken from the cssm server)
license smart trust idtoken <3D%0A snip> all force
license smart sync all

a connection on 443 is established and ends with a reset, one of the packets from the cssm towards the switch says "expired certificate" what's interesting is the cert on cssm is not expired, and the cssm is not actually sending the cert , tried a few times with capture running and we always get client hello server hello but no cert and always ends with expired cert (I guess that is a generic message.)

There is no ignore revocation command available on this platform. I have also tried importing the cssm cert as a trustpoint but that has not helped either.

 

Any ideas? at this stage I was even trying to do a manual offline registration, btu I couldn't see where in the onprem cssm to actually upload the smartrequest file

 

Labels:
0 Helpful
2 Replies 2

M02@rt37
VIP
VIP

‎10-23-2025 10:25 PM

Hello @ryancisco01 

Start to check if time is off significantly on switch... 

 

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.
0 Helpful

ryancisco01
Level 1
Level 1
In response to M02@rt37

‎10-27-2025 01:27 PM

Yes clocks are synced with ntp 

0 Helpful
Customers Also Viewed These Support Documents