THIS FIELD NOTICE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTY OF MERCHANTABILITY. YOUR USE OF THE INFORMATION ON THE FIELD NOTICE OR MATERIALS LINKED FROM THE FIELD NOTICE IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS FIELD NOTICE AT ANY TIME.
Revision | Publish Date | Comments |
---|---|---|
1.0 |
07-Oct-19 |
Initial Release |
Affected OS Type | Affected Software Product | Affected Release | Affected Release Number | Comments |
---|---|---|---|---|
NON-IOS |
DNA Center Software |
1 |
1.1 |
Affected releases: 1.2.10, 1.2.12, 1.3.0, 1.3.1 |
Defect ID | Headline |
---|---|
CSCvr03768 | PKI broker won't issue device cert in DNAC after 4th OCT,2019 as EJBCA WSDL cert is expiring |
The Web Services Description Language (WSDL) certificate in Cisco DNA Center's EJBCA Public Key Infrastructure (PKI) broker service expires on 2019-10-04. After this server certificate expires, Cisco DNA Center clients that use the EJBCA service for secure sessions will fail to connect.
EJBCA is an open source certificate authority service in Cisco DNA Center's PKI implementation. PKI requires an unexpired Certificate Authority (CA) signed certificate to establish identity, otherwise secure connection requests will fail. The WSDL certificate in Cisco DNA Center expires on 2019-10-04 and must be renewed for the EJBCA PKI service to continue to operate properly.
Clients that use the EJBCA service in Cisco DNA Center will fail to connect. For example, the Embedded Wireless Controller on Cisco Catalyst 9800 Series devices will fail to onboard. Also, Cisco Aironet AP-1800 Sensors will fail to connect to Cisco DNA Center.
There is no workaround for this problem. Customers must upgrade Cisco DNA Center to a version that has been patched to include a new WSDL certificate. The new certificate has a 20 year expiry.
These Cisco DNA Center software releases have the fix with the new WSDL certificate:
If you require further assistance, or if you have any further questions regarding this field notice, please contact the Cisco Systems Technical Assistance Center (TAC) by one of the following methods:
My Notifications—Set up a profile to receive email updates about reliability, safety, network security, and end-of-sale issues for the Cisco products you specify.
Unleash the Power of TAC's Virtual Assistance