Has anybody come across or experienced the following issue for code 8.20.3.03 on CSS11503 w/SSL Module?
We recently upgraded from 8.20.2.01 to 8.20.3.03 to get around Bug CSCsm50650 on both test and production CSS (both with same hardware, software and running configuration). All worked as expected but when implementing client authentication on the SSL proxy-list we have found that connections fail with"ssl_error_bad_cert_alert" on the browser and certificate "not yet valid" in sys.log. This is usually because the certificate notBefore date is after the current time. We have checked the times on the certificates and they are OK (within bounds) and the time on the CSS is OK (timezone is UTC +1, beginning last Sunday March 2010). It is also possible to try some time later the same day (worked for > 1 hour and other times) and succeed in connecting to the site with the very same certificate which failed previously. A data trace shows a Level 2 fatal alert with correct certificate Validity times.
This issue never surfaced while running code 8.20.2.01. Thanks for your help.
Topology & Design:
Two ACI fabrics
Stretching VLANs using OTV
Both fabrics are advertising BD subnets into same routing domain
Some BDs(or say VLANs) are stretched, but some are not.
Endpoints can move betwee...
VMware Trunk Port Group is supported from ACI version 2.1
VMM integration must be configured properly
ASA device package must be uploaded to APIC
ASAv version must be compatible with ACI and device package version
Topology &Design:Traffic flow within same fabric:Endpoint moves to Fabric-2Bounce Entry Times OutTraffic Black-holedSummarySolutionAppendix:
In the Previous articles of ACI Automation, we are using Postman/Newman a...