Field Notice: FN74224 - TSDNA: Crosswork Network Controller Releases 4.1.0 and 5.0.0 Internal Certificate Expiration Two Years From Installation - Software Upgrade Recommended
Available Languages
Notice
THIS FIELD NOTICE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTY OF MERCHANTABILITY. YOUR USE OF THE INFORMATION ON THE FIELD NOTICE OR MATERIALS LINKED FROM THE FIELD NOTICE IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS FIELD NOTICE AT ANY TIME.
Products Affected
| Affected Software Product | Affected Release | Affected Release Number | Comments |
|---|---|---|---|
| Crosswork Network Controller | 4 | 4.1.0 | |
| Crosswork Network Controller | 5 | 5.0.0 |
Defect Information
| Defect ID | Headline |
| CSCwn51183 | CNC internal tls certs expire after two years of installation |
Problem Description
The internal certificates associated with Cisco Crosswork Network Controller (CNC) 4.1.0 and 5.0.0 releases and maintenance releases will expire two years from installation.
Background
As per SEC-509-CA-FR4 specifications, internal certificates have expiration times.
Problem Symptom
Customers with Cisco CNC releases 4.1.0 and 5.0.0 who have not upgraded will see their systems become unavailable when the certificate expires two years after installation.
Workaround/Solution
Workaround
Note: To avoid a complete re-deployment of a cluster, at-risk customers can upgrade to the current release. Failure to take action before certificate expiration requires building a new cluster and importing their data (essentially a complex brownfield install) or working with Cisco through a paid engagement to upgrade and resolve the issue.
There are two options:
- Upgrade to a fully supported release (6.0 or later) before the expiration of the certificate (recommended).
- Purchase a custom-designed certificate extension along with assistance to implement, test, and maintain (additional cost applies).
How to Identify Affected Products
To check the current software release and certificate expiration date, complete the following steps:
- On the top right of the page, click the ? (about) icon. A menu appears.
- Click on the About Crosswork icon, as shown in the following image.
3. The current release will display, as shown in the following image.
Note: A system that is running Cisco CNC Release 4.1.0 will show an image and infrastructure version of 4.4.0, as shown in the following image. A system that is running Cisco CNC Release 5.0.0 will show an image and Infrastructure version of v5.0.0.
Check the Certificate Expiration Date
If the installation date is unknown and there are no plans to upgrade immediately, Cisco CX can provide a script to display this information. Complete the following steps:
- Open a case and ask for the expiration check script.
- Run the script.
- Share the script results with Cisco CX and they will review and arrange to have a sales team work help get the update tool.
Revision History
| Version | Description | Section | Date |
| 1.0 | Initial Release | — | 2025-FEB-03 |
For More Information
For further assistance or for more information about this field notice, contact the Cisco Technical Assistance Center (TAC) using one of the following methods:
Receive Email Notification About New Field Notices
To receive email updates about Field Notices (reliability and safety issues), Security Advisories (network security issues), and end-of-life announcements for specific Cisco products, set up a profile in My Notifications.
FeedbackContact Cisco
- Open a Support Case
- (Requires a Cisco Service Contract)
This Document Applies to These Products
Unleash the Power of TAC's Virtual Assistance