SMU SAM changeset for certificate expiration ASR9K 4.2.3

ehector
Level 1

Hi all,

I have just read about the certificate expiration on IOS XR. We are currently running our network with release 4.2.3, which has been hit by FN-63979:

RP/0/RSP1/CPU0:9R_MAC_ASECATE_1#sh sam certificate brief all
Tue Jan 26 17:53:32.554 CST

-------------------- SUMMARY OF CERTIFICATES -------------------

Certificate Location : root
Certificate Index : 1
Certificate Flag : VALIDATED
Serial Number : 32:xx:xx:xx:xx:xx:xx:8C:4E:AC:22:59:1B:61:03:9F
Subject:
Name: Code Signing Server Certificate Authority
CN= Code Signing Server Certificate Authority
O= Cisco
C= US
Issued By :
cn=Code Signing Server Certificate Authority,o=Cisco,c=US
Validity Start : 20:46:24 CDT Mon Oct 16 2000
Validity End : 20:51:47 CDT Fri Oct 16 2015
CRL Distribution Point
file://\\CodeSignServer\CertEnroll\Code%20Signing%20Server%20Certificate%20Authority.crl
CRL Distribution Point
http://codesignserver/CertEnroll/Code%20Signing%20Server%20Certificate%20Authority.crl

Certificate Location : disk0
Certificate Index : 1
Certificate Flag : VALIDATED
Serial Number : 61:xx:xx:xx:xx:xx:xx:00:00:13
Subject:
Name: Engineer code sign certificate
CN= Engineer code sign certificate
Issued By :
cn=Code Signing Server Certificate Authority,o=Cisco,c=US
Validity Start : 18:46:05 CST Tue Dec 04 2007
Validity End : 20:51:47 CDT Fri Oct 16 2015
CRL Distribution Point
file://\\CodeSignServer\CertEnroll\Code%20Signing%20Server%20Certificate%20Authority.crl
CRL Distribution Point
http://codesignserver/CertEnroll/Code%20Signing%20Server%20Certificate%20Authority.crl

Now, I was reading that on a non-4.3.4-sp2 system we can install the SMU smoothly and hitless.

Does anybody know if this is also valid for release 4.2.3?

Also, just wondering: we are not planning to upgrade the release in the near future (for now).

If I install the Post-expiry SMU + Temporary Root Certificate, will this help us if we need to install any other upgrade (SMU, PIE, etc.)?

Thanks

Hector

2 Replies

Eddie Chami
Cisco Employee

Hector,

The 4.2.3 SMU is hitless, so you're good there. How many routers do you have and which release are you upgrading to? Installing the post-expiry SMU + Temp Root Certificate followed by an upgrade is the way to go.

You SHOULD be thinking about upgrading, 4.2.3 is end of engineering support. You need to think about upgrading to 5.3.3. 

Regards

Eddie.

Thanks Eddie, we have more than 40 in the network. However, as this release has been more or less stable, we were reluctant to upgrade it. As you mention, maybe it is time now. Rel 5.3.x may be our goal now.

Best, Hector
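
Added example, not part of the thread and not Cisco tooling: with 40+ routers to check, a short Python parser for the `sh sam certificate brief all` output format pasted in the original post can list which SAM certificates are past their Validity End. The sample text is constructed from that post, and the CST/CDT offsets and function names are assumptions.

```python
from datetime import datetime, timedelta, timezone

# Assumption: router clocks use US Central time, as in the pasted output.
TZ_OFFSETS = {"CST": -6, "CDT": -5, "UTC": 0}
MONTHS = {m: i for i, m in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), start=1)}

# Constructed sample, trimmed from the output format shown in the post.
SAMPLE = """\
Certificate Location : root
Certificate Flag : VALIDATED
Subject:
Name: Code Signing Server Certificate Authority
Validity Start : 20:46:24 CDT Mon Oct 16 2000
Validity End : 20:51:47 CDT Fri Oct 16 2015

Certificate Location : disk0
Certificate Flag : VALIDATED
Subject:
Name: Engineer code sign certificate
Validity Start : 18:46:05 CST Tue Dec 04 2007
Validity End : 20:51:47 CDT Fri Oct 16 2015
"""

def parse_ts(text):
    """Parse 'HH:MM:SS TZ Dow Mon DD YYYY' into an aware datetime."""
    clock, tz, _dow, mon, day, year = text.split()
    h, m, s = map(int, clock.split(":"))
    offset = timezone(timedelta(hours=TZ_OFFSETS[tz]))
    return datetime(int(year), MONTHS[mon], int(day), h, m, s, tzinfo=offset)

def parse_certs(output):
    """Return one dict per certificate block in the command output."""
    certs = []
    for line in output.splitlines():
        key, _, value = line.partition(":")  # split at the first colon only
        key, value = key.strip(), value.strip()
        if key == "Certificate Location":
            certs.append({"location": value})
        elif certs and key == "Name":
            certs[-1]["name"] = value
        elif certs and key == "Validity End":
            certs[-1]["not_after"] = parse_ts(value)
    return certs

def expired(certs, now):
    """Certificates whose Validity End is at or before 'now'."""
    return [c for c in certs if "not_after" in c and c["not_after"] <= now]
```

Feed each router's captured output to `parse_certs` and pass the current UTC time to `expired` to get the list of routers that still need the SMU.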