I had a client reach out to me today with the following issue when he tried to install a new certificate on his CSS 11503 running 8.10.1.06 with CVDM version css-1.0_K9. This is what he wrote to me:
Our certs for our online site are about to expire and unfortunately we are still on the CSS. I’ve been trying to update our DR CSS for most of the morning, but for some reason it simply isn’t ‘taking’ today. I created a CSR from the CSS, uploaded it to Verisign, stacked the response correctly (it displays as a valid cert with a valid path, expiring in 2014), then imported it to the CSS via FTP. It is clearly present with the correct file name and file date. However, no matter what I do, despite what the CSS claims is associated with the SSL proxy, I keep seeing the old cert when I open the site from a browser. I’ve tried suspending all content, services, and proxy lists before changing the association, I’ve tried different names for the association, I’ve tried pretty much everything I can think of short of deleting the old .cer file (I don’t have the DES password), but despite the CSS displaying itself as being associated to the new cer file, when I open the site, it still presents the old cert. This is utterly baffling to me as I’ve never had this issue before. I know I can’t create a TAC case because the CSS is EoL. Any ideas?
I am not familiar with the CSS and since it's EOL, he cannot contact TAC.
Let me know if you need any other information and I will see if I can obtain it.
Thanks for the information and I will pass it on. I did get an email from the client late yesterday afternoon. He said it started working, but he isn't sure what fixed it. He walked away from it for a bit to work on something else and when he got back around to it, it was working fine.
Topology & Design:
Two ACI fabrics
Stretching VLANs using OTV
Both fabrics are advertising BD subnets into same routing domain
Some BDs(or say VLANs) are stretched, but some are not.
Endpoints can move betwee...
VMware Trunk Port Group is supported from ACI version 2.1
VMM integration must be configured properly
ASA device package must be uploaded to APIC
ASAv version must be compatible with ACI and device package version
Topology &Design:Traffic flow within same fabric:Endpoint moves to Fabric-2Bounce Entry Times OutTraffic Black-holedSummarySolutionAppendix:
In the Previous articles of ACI Automation, we are using Postman/Newman a...