Roundup Cisco admins, you thought your week was over, right? Sorry: if you have kit that runs Adaptive Security Appliance software or the Firepower Extensible Operating System, there’s one more item on the task list: updating your certificate.
Switchzilla’s field notice explained that Cisco’s root CA for tools.cisco.com was rolled over to a QuoVadis Root CA 2 cert on October 5, and that could affect “Smart Licensing and Smart Call Home functionality for all versions” of ASA or FXOS.
That causes a Communication message send response error
error, and because the platforms can’t register with the Cisco servers, “smart licenses might fail entitlement and reflect an Out of Compliance status”.
You can either upgrade, or import the new cert from the CLI.
And there’s one more wrinkle to be aware of: the QuoVadis cert isn’t FIPS-compliant. If you need FIPS compliance, there’s a different certificate to import, the HydrantID SSL ICA G2 intermediate certificate, also available from the CLI.
Read full news article on The Register