Cisco Support Community
Community Member

CSS 11503 certificate install issue.

I had a client reach out to me today with the following issue when he tried to install a new certificate on his CSS 11503 running with CVDM version css-1.0_K9.  This is what he wrote to me:

Our certs for our online site are about to expire and unfortunately we are still on the CSS. I’ve been trying to update our DR CSS for most of the morning, but for some reason it simply isn’t ‘taking’ today. I created a CSR from the CSS, uploaded it to Verisign, stacked the response correctly (it displays as a valid cert with a valid path, expiring in 2014), then imported it to the CSS via FTP. It is clearly present with the correct file name and file date. However, no matter what I do, despite what the CSS claims is associated with the SSL proxy, I keep seeing the old cert when I open the site from a browser. I’ve tried suspending all content, services, and proxy lists before changing the association, I’ve tried different names for the association, I’ve tried pretty much everything I can think of short of deleting the old .cer file (I don’t have the DES password), but despite the CSS displaying itself as being associated to the new cer file, when I open the site, it still presents the old cert. This is utterly baffling to me as I’ve never had this issue before. I know I can’t create a TAC case because the CSS is EoL. Any ideas?

I am not familiar with the CSS and since it's EOL, he cannot contact TAC. 

Let me know if you need any other information and I will see if I can obtain it.




CSS 11503 certificate install issue.

Community Member

CSS 11503 certificate install issue.

Thanks for the information and I will pass it on.  I did get an email from the client late yesterday afternoon.  He said it started working, but he isn't sure what fixed it.  He walked away from it for a bit to work on something else and when he got back around to it, it was working fine.

CreatePlease to create content