BugZero | Cisco BugID CSCvw06053 - The CA certificate gets deleted after reboot in Ci...

Loading...

Operational Defect Database

A free repository of operational (non-security) bugs centralized through custom integrations with leading IT vendors.

Product

Enterprise platform
Bug Scrub Advisor
Operational Risk Scoring
Vendor Integrations

Company

Plans
Value Guide
About
Contact us
Legal

Resources

Blog
ServiceNow App
Trust Center
Risk Management
NIST
DORA

Operational Defect Database

A free repository of operational (non-security) bugs centralized through custom integrations with leading IT vendors.

Product

Enterprise platform
Bug Scrub Advisor
Operational Risk Scoring
Vendor Integrations

Company

Plans
Value Guide
About
Contact us
Legal

Resources

Blog
ServiceNow App
Trust Center
Risk Management
NIST
DORA

©2025 BugZero. All Rights Reserved.

Privacy Policy Terms of Service

BugZero | Cisco BugID CSCvw06053 - The CA certificate gets deleted after reboot in Ci...

ODD
Cisco
CSCvw06053

Cisco - Defect ID: CSCvw06053

The CA certificate gets deleted after reboot in Cisco Catalyst 9800-CL Cloud Wireless Controller

ODD
Cisco
CSCvw06053

Cisco - Defect ID: CSCvw06053

The CA certificate gets deleted after reboot in Cisco Catalyst 9800-CL Cloud Wireless Controller

Last updated on April 16th, 2026

BugZero Risk Score
7.8 High

Overall: 7.8

Severity: 8.2

Lifecycle: 9.1

Popularity: 4.6

What is the BugZero Risk Score?

Cisco Integration

Learn more about where this data comes from

Cisco Integration

Bug Scrub Advisor

Streamline upgrades with automated vendor bug scrubs

Bug Scrub Advisor

BugZero Enterprise

Wish you caught this bug sooner? Get proactive today.

BugZero Enterprise

Bug Details

Views: 1

Description

Symptom

1) The CA server is not working after a reload. 2) The following log message can be seen: %PKI-2-CS_CERT_NOT_PRESENT: Certificate server certificate not present. 3) The server is disabled, the status shows "Wait for CA certificate availability". show crypto pki server: Certificate Server WLC_CA: Status: disabled, Wait for CA certificate availability <<< the status is disabled State: check failed Server's configuration is locked (enter "shut" to unlock it) Issuer name: CA cert fingerprint: Granting mode is: auto Last certificate issued serial number (hex): 0 CA certificate expiration timer: 09:00:00 JST Jan 1 1970 CRL not present. Current primary storage dir: nvram: Database Level: Minimum - no cert data written to storage Redundancy configured. This is active. 4) The CA certificate is not present in the running-configuration; however, RSA keys are not lost.

Conditions

The issue has been found for: Hardware: VM // C9800-CL Software: 16.12.4a

Workaround

Remove the CA server "crypto pki server" and "crypto pki trustpoint" configurations and configure the CA server again.

Further Problem Description

The issue was found and reproduced in the HA setup (redundancy SSO).

Change history

2025-12-16 Added: 16.12.4a

Relevant Products

Click on a version to see all relevant bugs

Affected versions:16.12.4a

Fixed versions: 16.12.10, 16.12.10a, 16.12.6, 16.12.6a, 16.12.7, 16.12.8, 16.12.9, 17.05.01c, 17.10.1, 17.10.1a, 17.10.1b, 17.11.1, 17.11.1a, 17.12.02a, 17.12.1, 17.12.1w, 17.12.1x, 17.12.2, 17.12.2a, 17.13.1, 17.13.1a, 17.3.3, 17.3.3a, 17.3.4, 17.3.4a, 17.3.4b, 17.3.4c, 17.3.5, 17.3.5a, 17.3.5b, 17.3.6, 17.3.7, 17.3.8, 17.3.8a, 17.4.2, 17.4.2a, 17.5.1, 17.5.1a, 17.5.1b, 17.5.1c, 17.6.1, 17.6.1a, 17.6.1w, 17.6.1x, 17.6.1y, 17.6.1z, 17.6.1z1, 17.6.2, 17.6.3, 17.6.3a, 17.6.4, 17.6.5, 17.6.5a, 17.6.6, 17.6.6a, 17.7.1, 17.7.1a, 17.7.1b, 17.7.2, 17.8.1, 17.8.1a, 17.9.1, 17.9.1a, 17.9.1w, 17.9.1x, 17.9.1x1, 17.9.1y, 17.9.1y1, 17.9.2, 17.9.2a, 17.9.3, 17.9.3a, 17.9.4, 17.9.4a, 17.9.5, 17.9.5a, Bengaluru-17.5.1, Gibraltar-16.12.6

Relevant Products

Click on a version to see all relevant bugs

Affected versions:16.12.4a

Fixed versions: 16.12.10, 16.12.10a, 16.12.6, 16.12.6a, 16.12.7, 16.12.8, 16.12.9, 17.05.01c, 17.10.1, 17.10.1a, 17.10.1b, 17.11.1, 17.11.1a, 17.12.02a, 17.12.1, 17.12.1w, 17.12.1x, 17.12.2, 17.12.2a, 17.13.1, 17.13.1a, 17.3.3, 17.3.3a, 17.3.4, 17.3.4a, 17.3.4b, 17.3.4c, 17.3.5, 17.3.5a, 17.3.5b, 17.3.6, 17.3.7, 17.3.8, 17.3.8a, 17.4.2, 17.4.2a, 17.5.1, 17.5.1a, 17.5.1b, 17.5.1c, 17.6.1, 17.6.1a, 17.6.1w, 17.6.1x, 17.6.1y, 17.6.1z, 17.6.1z1, 17.6.2, 17.6.3, 17.6.3a, 17.6.4, 17.6.5, 17.6.5a, 17.6.6, 17.6.6a, 17.7.1, 17.7.1a, 17.7.1b, 17.7.2, 17.8.1, 17.8.1a, 17.9.1, 17.9.1a, 17.9.1w, 17.9.1x, 17.9.1x1, 17.9.1y, 17.9.1y1, 17.9.2, 17.9.2a, 17.9.3, 17.9.3a, 17.9.4, 17.9.4a, 17.9.5, 17.9.5a, Bengaluru-17.5.1, Gibraltar-16.12.6

Top Cisco Defects

9.7Defect ID: CSCwq79831
Cisco Secure Firewall Adaptive Security Appliance Software and Secure Firewall Threat Defense Software VPN Web Server Remote Code Execution Vulnerability
9.7Defect ID: CSCwc94466
Cisco ASA/FTD Firepower 2100 SSL/TLS Denial of Service Vulnerability
9.7Defect ID: CSCwt50498
Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability
9.7Defect ID: CSCws61409
Live Logs Not Displaying on GUI Due to Fast Expansion of MNT Database
9.7Defect ID: CSCun06260
XE3.13 Gatekeeper Hardening

Ready to prevent the next vendor outage?

Links

Original Vendor Announcement

Cisco Integration

Learn more about where this data comes from

Cisco Integration

Bug Scrub Advisor

Streamline upgrades with automated vendor bug scrubs

Bug Scrub Advisor

BugZero Enterprise

Wish you caught this bug sooner? Get proactive today.

BugZero Enterprise