Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1108
Views
0
Helpful
2
Replies

CSCut52232 - Post SMU Installed and Temporary Root-Certificate disapper

riduque
Cisco Employee
Cisco Employee

‎03-17-2016 01:32 PM

Hi Guys,

I added css-root.cer and I installed Post-SMU in ASR9010. But, after SMU is installed I can't see the temporary root-cer and I only see the old one.

XXXXX#sh sam certificate bri all


-------------------- SUMMARY OF CERTIFICATES -------------------

Certificate Location    : root
Certificate Index       : 1
Certificate Flag        : TRUSTED
  Serial Number  : 32:E0:A3:C6:CA:00:39:8C:4E:AC:22:59:1B:61:03:9F
  Subject:
        CN=Code Signing Server Certificate Authority,O=Cisco,C=US
  Issued By      :
        CN=Code Signing Server Certificate Authority,O=Cisco,C=US
  Validity Start : 01:46:24 UTC Tue Oct 17 2000
  Validity End   : 01:51:47 UTC Sat Oct 17 2015

  CRL Distribution Point
        file://\\CodeSignServer\CertEnroll\Code%20Signing%20Server%20Certificate%20Authority.crl

  CRL Distribution Point
        http://codesignserver/CertEnroll/Code%20Signing%20Server%20Certificate%20Authority.crl

RP/0/RSP0/CPU0:MIA-PEER-01#

Is it the expected behavior?

Please your help

Labels:
0 Helpful
2 Replies 2

smilstea
Cisco Employee
Cisco Employee

‎03-18-2016 05:03 AM

This is expected behavior, there is no CLI to check if the certificate install went through okay, you just have to try install adding a package to verify that it works.

Thanks,

Sam

0 Helpful

riduque
Cisco Employee
Cisco Employee
In response to smilstea

‎03-18-2016 07:38 AM

Thank you Sam. But it's expected too that temporary certificate be deleted after I install Post-SMU??

Because I checked in other devices with same command and I see both certificates (old one and temporary).

XXXXXXX#show sam certificate brief all
Thu Mar 17 12:35:35.629 GMT

-------------------- SUMMARY OF CERTIFICATES -------------------
Certificate Location    : root

Certificate Index       : 1

Certificate Flag        : TRUSTED

  Serial Number  : 32:E0:A3:C6:CA:00:39:8C:4E:AC:22:59:1B:61:03:9F

  Subject:

        CN=Code Signing Server Certificate Authority,O=Cisco,C=US

  Issued By      :

        CN=Code Signing Server Certificate Authority,O=Cisco,C=US

  Validity Start : 01:46:24 UTC Tue Oct 17 2000

  Validity End   : 01:51:47 UTC Sat Oct 17 2015

  CRL Distribution Point
        file://\\CodeSignServer\CertEnroll\Code%20Signing%20Server%20Certificate%20Authority.crl
  CRL Distribution Point
        http://codesignserver/CertEnroll/Code%20Signing%20Server%20Certificate%20Authority.crl


Certificate Location    : root

Certificate Index       : 2

Certificate Flag        : TRUSTED

  Serial Number  : 90:B6:F4:F9:FF:B8:A9:DB

  Subject:

        emailAddress=jamohamm@cisco.com,CN=CSS Certificate Authority,OU=CSG,O=Cisco Systems,L=San Jose,ST=CA,C=US

  Issued By      :

        emailAddress=jamohamm@cisco.com,CN=CSS Certificate Authority,OU=CSG,O=Cisco Systems,L=San Jose,ST=CA,C=US

  Validity Start : 10:19:42 UTC Thu Oct 09 2014

  Validity End   : 10:19:42 UTC Sun Oct 06 2024

0 Helpful
Customers Also Viewed These Support Documents