Field Notice: FN - 70487 - Cisco Security Manager - Renewal of Certificate for dl.cisco.com Might Prevent Download of Software Images - Workaround Provided

Available Languages

Updated:January 8, 2020
Document ID:FN70487

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Notice

THIS FIELD NOTICE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTY OF MERCHANTABILITY. YOUR USE OF THE INFORMATION ON THE FIELD NOTICE OR MATERIALS LINKED FROM THE FIELD NOTICE IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS FIELD NOTICE AT ANY TIME.

Revision History

Revision Publish Date Comments
1.0
08-Jan-20
Initial Release

Products Affected

Affected OS Type Affected Software Product Affected Release Affected Release Number Comments
NON-IOS
Security Manager (CSM) Software
4.7
4.7, 4.7sp1, 4.7sp2, 4.7SP3, 4.7SP4
NON-IOS
Security Manager (CSM) Software
4.8
4.8, 4.8 SP2, 4.8sp1
NON-IOS
Security Manager (CSM) Software
4.9
4.9
NON-IOS
Security Manager (CSM) Software
4.10
4.10, 4.10 SP1, 4.10 SP2
NON-IOS
Security Manager (CSM) Software
4.11
4.11, 4.11 SP1, 4.11 SP2
NON-IOS
Security Manager (CSM) Software
4.12
4.12 SP1, 4.12 SP2
NON-IOS
Security Manager (CSM) Software
4.13
4.13 SP1
NON-IOS
Security Manager (CSM) Software
4.14
4.14 SP1, 4.14 SP2
NON-IOS
Security Manager (CSM) Software
4.15
4.15
NON-IOS
Security Manager (CSM) Software
0
4.16
NON-IOS
Security Manager (CSM) Software
4.17
4.17 SP1
NON-IOS
Security Manager (CSM) Software
4.X
4.18
NON-IOS
Security Manager (CSM) Software
4.19
4.19 SP1
NON-IOS
Security Manager (CSM) Software
4.X
4.20

Defect Information

Defect ID Headline
CSCvf34445 There were no defects filed with this field notice at the time of publication.

Problem Description

A certificate change for dl.cisco.com might prevent the Cisco Security Manager (CSM) application from downloading software images from cisco.com.

The certificate change also affects the ability of CSM to obtain GeoIP and IPS signature downloads.

Background

The certificate used to establish trust for dl.cisco.com was renewed on December 5, 2019. As a result, the Image Manager in CSM might be unable to download software images from cisco.com until you import the new certificate for dl.cisco.com.

Reference the CSM Configuration Guide for more information about how certificates are handled within CSM.

Problem Symptom

If the CSM application is unable to communicate with dl.cisco.com due to the certificate change:

  • The Image Manager displays the error "Update failed. Last updated at ..." when it tries to update the software image list, as shown below.

    screenshot of update-failed error

  • Attempts to download an image from cisco.com show the error "Failed with Exception" in the Downloads window, as shown below.

    screenshot of failed-with-exception error

Workaround/Solution

Use this procedure to import the new certificate and enable software image downloads from cisco.com.

First, update the certificate store entry for dl.cisco.com with the new certificate:

  1. In CSM, choose Tools > Security Manager Administration and then select CCO Settings from the table of contents.

  2. In the Certificates table, select the dl.cisco.com certificate and click Remove.

  3. Update the dl.cisco.com certificate:

    1. In the Certificate section, select Other.

    2. Enter "https://dl.cisco.com" in the text field.

    3. Click Retrieve Certificate.

      The Certificate Verification dialog box displays.

    4. In the Certificate Verification dialog box, click Accept.

      screenshot of Certificate Verification dialog box

      The certificate is now updated.

 

After the certificate is updated, follow this procedure to download images:

  1. Launch Image Manager.

  2. From Image Manager, click the Check for Updates button in the top right corner of the screen.

    screenshot of Check for Updates button

    After you click the Check for Updates button, the software images are downloaded from cisco.com and the image list summary updates.

    screenshot of updated list summary

    screenshot of download in progress

For More Information

If you require further assistance, or if you have any further questions regarding this field notice, please contact the Cisco Systems Technical Assistance Center (TAC) by one of the following methods:

Receive Email Notification For New Field Notices

My Notifications—Set up a profile to receive email updates about reliability, safety, network security, and end-of-sale issues for the Cisco products you specify.

Was this Document Helpful?

FeedbackFeedback

Contact Cisco