Field Notice: FN - 70257 - APIC-EM PKI Broker Failure Causes Trustpoint Operations to Fail - Software Upgrade Recommended

Available Languages

Updated:August 6, 2018

Document ID:FN70257

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Notice

THIS FIELD NOTICE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTY OF MERCHANTABILITY. YOUR USE OF THE INFORMATION ON THE FIELD NOTICE OR MATERIALS LINKED FROM THE FIELD NOTICE IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS FIELD NOTICE AT ANY TIME.

Revision History

Revision	Publish Date	Comments
1.0	03-Aug-18	Initial Release

Products Affected

Affected OS Type	Affected Release	Affected Release Number	Comments
NON-IOS	1	1.6, 1.5, 1.4

Defect Information

Defect ID	Headline
CSCvk38328	PKI broker not working in APIC-EM after July 13, 2018

Problem Description

The APIC-EM Public Key Infrastructure (PKI) broker fails in affected software versions. As a result, the APIC-EM instance becomes unable to provision trustpoints. APIC-EM instances with this problem are not able to generate new device Secure Sockets Layer (SSL) certificates or use the APIC-EM Intelligent WAN (IWAN) application to deploy new hub/branch sites.

Background

The APIC-EM SSL certificate used by the jboss-ejbca service expired on July 13, 2018. This expiration caused most PKI broker operations to fail. The SSL certificate is embedded in the product.

Problem Symptom

Operations to create new trustpoints fail with this error:

HTTP error code 500 (internal server error)

Workaround/Solution

A fix for this problem will be available in APIC-EM Release 1.6.3. Alternatively, a qualified Cisco engineer can apply a manual patch to affected systems. Contact the Technical Assistance Center (TAC) for assistance with the manual patch.

For More Information

If you require further assistance, or if you have any further questions regarding this field notice, please contact the Cisco Systems Technical Assistance Center (TAC) by one of the following methods:

Receive Email Notification For New Field Notices

Cisco Notification Service—Set up a profile to receive email updates about reliability, safety, network security, and end-of-sale issues for the Cisco products you specify.

Was this Document Helpful?

Feedback

Contact Cisco

Open a Support Case
(Requires a Cisco Service Contract)

This Document Applies to These Products

Application Policy Infrastructure Controller Enterprise Module (APIC-EM)