RP/0/RP0/CPU0:Oct 1 00:06:13.572 UTC: cepki: %SECURITY-PKI-1-CACERT_NOT_VALID : Failed to add CA certificate with subject name /O=Digital Signature Trust Co./CN=DST Root CA X3 to trustpool because certificate has expired or is not yet valid RP/0/RP0/CPU0:Oct 1 00:06:13.572 UTC: syslog_dev: cepki PID-7101: % Make sure the clock is synchronized with CA's clock. Certificate Expiry MessagesĪ few different expiry messages can be seen based on your version of code: RP/0/RP0/CPU0:Oct 1 00:06:13.572 UTC: syslog_dev: cepki PID-7101: % CA certificate is not yet valid or has expired. This certificate is not used and does not cause impact to production traffic or crypto services when the expiry was tested in the lab. The 480 days is wrong, the days are mistakenly multiplied by 24 hours, this is handled by Cisco bug ID CSCvz62603.Į.g. This log message can continue to appear until the certificate expired with a countdown on the number of days. Validity End : 18:23:33 UTC Mon Nov 24 2031ĬA3AFBCF1240364B44B216208880483919937CF7 Pre-September 30 2021īefore Septemusers can get a log message that indicates a certificate is about to expire, such as %SECURITY-PKI-6-ERR_1_PARAM : CA certificate to be expired in 480 days Validity End : 23:59:59 UTC Wed Aug 02 2028ĬN=QuoVadis Root CA 2,O=QuoVadis Limited,C=BM
OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US In most cases, no immediate action is needed.Īn external communication from the Root CA publisher is available here: Sample Certificate RP/0/RP0/CPU0:NCS-5516-A#show crypto ca trustpool This document describes the meaning of the September 30 2021, 'DST Root CA X3' built-in' certificate expiration, and any necessary action that is needed to resolve.
0 kommentar(er)
