BugZero | Cisco BugID CSCvw15311 - PKI Trustpool cert import fails if device is not c...

Cisco - Defect ID: CSCvw15311

PKI Trustpool cert import fails if device is not clean

Cisco - Defect ID: CSCvw15311

PKI Trustpool cert import fails if device is not clean

Last updated on 4/28/2025

Overall: 7.87.8

Severity: 8.28.2

Lifecycle: 9.19.1

Popularity: 4.64.6

What is the BugZero Risk Score?

Vendor details

No defect details.

Overall: 7.87.8

Severity: 8.28.2

Lifecycle: 9.19.1

Popularity: 4.64.6

What is the BugZero Risk Score?

Vendor details

No defect details.

Symptom

Import of certificate bundle into a PKI trustpool fails with the following errors: pki-reg2(config)#crypto pki trustpool import url http://9.41.19.3/CertEnroll/ios.p7b Reading file from http://9.41.19.3/CertEnroll/ios.p7b Loading http://9.41.19.3/CertEnroll/ios.p7b !!!! % No certificates imported from http://9.41.19.3/CertEnroll/ios.p7b. pki-reg2(config)# Oct 7 16:12:29.541 IST: CRYPTO_PKI: Adding pool certificate as x509 failed Oct 7 16:12:29.543 IST: P11:C_FindObjectsInit: Oct 7 16:12:29.543 IST: CKA_CLASS: PUBLIC KEY Oct 7 16:12:29.543 IST: CKA_KEY_TYPE: RSA Oct 7 16:12:29.543 IST: CKA_MODULUS: 9A 41 DC 19 DD 49 6A 90 5B 0F 91 D4 68 FD 6E 58 94 5E 72 33 75 B0 A8 BA 47 E6 AA 2D FF CA B2 ED 26 B3 23 0F 7F AB 28 9A 73 48 E8 B0 32 45 48 84 D3 A3 E6 7E AD 10 85 91 CF BF CA D5 8C A2 73 09 B6 13 11 6E 85 C1 8A 73 D9 77 E3 5B 6C C3 A1 A1 B2 39 C5 F5 14 17 DE 77 C2 23 AD DF 9D 1B 07 06 B7 1E F1 EE 4A FD 7C B3 50 50 17 EC 0E 6A FE 43 BB 31 E6 D5 97 D4 8A 97 57 09 F3 87 5B 71 FD 84 4D 2A D6 99 69 7D 03 77 2E 2A 1C F8 5B E4 55 F5 AF 86 0C 7C 00 EE E0 88 30 DD 18 D2 F0 A0 90 D8 5C 00 63 DF CF B2 B3 DB C9 09 E1 2A C8 7C 3D BC 35 7B 09 E9 70 9E 84 A7 50 55 60 84 32 09 63 95 76 35 4B 6D 6E 12 8E 97 6C D2 E8 20 C6 CE 14 53 F5 50 8C 69 A0 AD A8 35 3C 82 85 5A 87 16 A0 81 93 CD A4 C7 92 23 70 2F 45 58 88 3D E2 06 0B 81 53 90 01 86 C3 E4 95 4A E3 EB 19 34 1D AB BC 0F Oct 7 16:12:29.551 IST: CKA_PUBLIC_EXPONENT: 03 Oct 7 16:12:29.552 IST: CRYPTO_PKI: Deleting cached key having key id 3 Oct 7 16:12:29.552 IST: CRYPTO_PKI: Deleting cached key having key id 4 Oct 7 16:12:29.552 IST: P11:C_FindObjectsFinal Oct 7 16:12:29.552 IST: P11:C_CreateObject: Oct 7 16:12:29.552 IST: CKA_CLASS: PUBLIC KEY Oct 7 16:12:29.552 IST: CKA_KEY_TYPE: RSA Oct 7 16:12:29.552 IST: CKA_MODULUS: 9A 41 DC 19 DD 49 6A 90 5B 0F 91 D4 68 FD 6E 58 94 5E 72 33 75 B0 A8 BA 47 E6 AA 2D FF CA B2 ED 26 B3 23 0F 7F AB 28 9A 73 48 E8 B0 32 45 48 84 D3 A3 E6 7E AD 10 85 91 CF BF CA D5 8C A2 73 09 B6 13 11 6E 85 C1 8A 73 D9 77 E3 5B 6C C3 A1 A1 B2 39 C5 F5 14 17 DE 77 C2 23 AD DF 9D 1B 07 06 B7 1E F1 EE 4A FD 7C B3 50 50 17 EC 0E 6A FE 43 BB 31 E6 D5 97 D4 8A 97 57 09 F3 87 5B 71 FD 84 4D 2A D6 99 69 7D 03 77 2E 2A 1C F8 5B E4 55 F5 AF 86 0C 7C 00 EE E0 88 30 DD 18 D2 F0 A0 90 D8 5C 00 63 DF CF B2 B3 DB C9 09 E1 2A C8 7C 3D BC 35 7B 09 E9 70 9E 84 A7 50 55 60 84 32 09 63 95 76 35 4B 6D 6E 12 8E 97 6C D2 E8 20 C6 CE 14 53 F5 50 8C 69 A0 AD A8 35 3C 82 85 5A 87 16 A0 81 93 CD A4 C7 92 23 70 2F 45 58 88 3D E2 06 0B 81 53 90 01 86 C3 E4 95 4A E3 EB 19 34 1D AB BC 0F Oct 7 16:12:29.561 IST: CKA_PUBLIC_EXPONENT: 03 Oct 7 16:12:29.562 IST: CRYPTO_PKI: Attempting to insert the peer's public key into cache Oct 7 16:12:29.562 IST: CRYPTO_PKI:Peer's public inserted successfully with key id 5 Oct 7 16:12:29.562 IST: P11:C_CreateObject: 131077 Oct 7 16:12:29.562 IST: P11:C_VerifyInit - Session found Oct 7 16:12:29.562 IST: P11:C_VerifyInit - key id = 131077 Oct 7 16:12:29.562 IST: P11:C_Verify Oct 7 16:12:29.562 IST: P11:found pubkey in cache using index = 5 Oct 7 16:12:29.562 IST: P11:public key found is : 30 82 01 20 30 0D 06 09 2A 86 48 86 F7 0D 01 01 01 05 00 03 82 01 0D 00 30 82 01 08 02 82 01 01 00 9A 41 DC 19 DD 49 6A 90 5B 0F 91 D4 68 FD 6E 58 94 5E 72 33 75 B0 A8 BA 47 E6 AA 2D FF CA B2 ED 26 B3 23 0F 7F AB 28 9A 73 48 E8 B0 32 45 48 84 D3 A3 E6 7E AD 10 85 91 CF BF CA D5 8C A2 73 09 B6 13 11 6E 85 C1 8A 73 D9 77 E3 5B 6C C3 A1 A1 B2 39 C5 F5 14 17 DE 77 C2 23 AD DF 9D 1B 07 06 B7 1E F1 EE 4A FD 7C B3 50 50 17 EC 0E 6A FE 43 BB 31 E6 D5 97 D4 8A 97 57 09 F3 87 5B 71 FD 84 4D 2A D6 99 69 7D 03 77 2E 2A 1C F8 5B E4 55 F5 AF 86 0C 7C 00 EE E0 88 30 DD 18 D2 F0 A0 90 D8 5C 00 63 DF CF B2 B3 DB C9 09 E1 2A C8 7C 3D BC 35 7B 09 E9 70 9E 84 A7 50 55 60 84 32 09 63 95 76 35 4B 6D 6E 12 8E 97 6C D2 E8 20 C6 CE 14 53 F5 50 8C 69 A0 AD A8 35 3C 82 85 5A 87 16 A0 81 93 CD A4 C7 92 23 70 2F 45 58 88 3D E2 06 0B 81 53 90 01 86 C3 E4 95 4A E3 EB 19 34 1D AB BC 0F 02 01 03 Oct 7 16:12:29.572 IST: P11:CEAL:CRYPTO_NO_ERR Oct 7 16:12:29.574 IST: P11:C_FindObjectsInit: Oct 7 16:12:29.574 IST: CKA_CLASS: PUBLIC KEY Oct 7 16:12:29.574 IST: CKA_KEY_TYPE: RSA Oct 7 16:12:29.574 IST: CKA_MODULUS: B3 B1 33 93 23 24 A3 2C 99 0C 5A 7C D8 28 48 79 92 9B 8F 2E 9D 75 49 18 12 C2 1A BC 4C EB 66 A3 C2 92 CD B7 63 5A 7E F9 CB 0B BF AA 6D FA B2 83 20 15 41 24 CE 5F 3F 85 9F F6 26 38 8B 79 A3 DE ED 61 AC A9 DC 0F 89 95 1D CC E4 F6 1C FF DE 25 94 10 94 40 DF B6 F2 55 8A 26 4D 8C 7B 46 A0 59 D6 5F 71 04 9B 6A A7 C0 53 9F CF EE 3F 54 98 DF 4B 8C 39 3E F0 2E 6A 61 CB 62 8A D3 F4 5C 86 2A B2 B4 5C 92 87 21 AC 6B F3 BA 1A F5 C3 FD B6 2F B5 B1 7A A9 57 10 5C 54 1F 9D 43 46 B5 68 6B CE 5A 0D 38 83 57 2A 59 10 AE DD 24 35 E0 85 8E 7C 41 71 84 0B D6 4C 65 DC 9A 59 9E CB 46 62 89 F8 FA 97 3D 55 1B 2F 60 C9 3C 4F E7 C7 23 37 80 9A 0F 6A 79 86 AD 44 8F FE 42 49 33 80 B2 11 A6 D5 6E 26 86 3E 8A 51 E6 72 4E 37 CA 2C 6C FB 52 08 3E 39 69 4D BD BB 96 9F 1F E6 24 45 12 45 E2 39 Oct 7 16:12:29.582 IST: CKA_PUBLIC_EXPONENT: 01 00 01 Oct 7 16:12:29.583 IST: P11:C_FindObjectsFinal Oct 7 16:12:29.583 IST: P11:C_CreateObject: Oct 7 16:12:29.583 IST: CKA_CLASS: PUBLIC KEY Oct 7 16:12:29.583 IST: CKA_KEY_TYPE: RSA Oct 7 16:12:29.583 IST: CKA_MODULUS: B3 B1 33 93 23 24 A3 2C 99 0C 5A 7C D8 28 48 79 92 9B 8F 2E 9D 75 49 18 12 C2 1A BC 4C EB 66 A3 C2 92 CD B7 63 5A 7E F9 CB 0B BF AA 6D FA B2 83 20 15 41 24 CE 5F 3F 85 9F F6 26 38 8B 79 A3 DE ED 61 AC A9 DC 0F 89 95 1D CC E4 F6 1C FF DE 25 94 10 94 40 DF B6 F2 55 8A 26 4D 8C 7B 46 A0 59 D6 5F 71 04 9B 6A A7 C0 53 9F CF EE 3F 54 98 DF 4B 8C 39 3E F0 2E 6A 61 CB 62 8A D3 F4 5C 86 2A B2 B4 5C 92 87 21 AC 6B F3 BA 1A F5 C3 FD B6 2F B5 B1 7A A9 57 10 5C 54 1F 9D 43 46 B5 68 6B CE 5A 0D 38 83 57 2A 59 10 AE DD 24 35 E0 85 8E 7C 41 71 84 0B D6 4C 65 DC 9A 59 9E CB 46 62 89 F8 FA 97 3D 55 1B 2F 60 C9 3C 4F E7 C7 23 37 80 9A 0F 6A 79 86 AD 44 8F FE 42 49 33 80 B2 11 A6 D5 6E 26 86 3E 8A 51 E6 72 4E 37 CA 2C 6C FB 52 08 3E 39 69 4D BD BB 96 9F 1F E6 24 45 12 45 E2 39 Oct 7 16:12:29.591 IST: CKA_PUBLIC_EXPONENT: 01 00 01 Oct 7 16:12:29.592 IST: CRYPTO_PKI: Attempting to insert the peer's public key into cache Oct 7 16:12:29.592 IST: CRYPTO_PKI:Peer's public inserted successfully with key id 6 Oct 7 16:12:29.592 IST: P11:C_CreateObject: 131078 Oct 7 16:12:29.592 IST: P11:C_VerifyInit - Session found Oct 7 16:12:29.592 IST: P11:C_VerifyInit - key id = 131078 Oct 7 16:12:29.592 IST: P11:C_Verify Oct 7 16:12:29.592 IST: P11:found pubkey in cache using index = 6 Oct 7 16:12:29.592 IST: P11:public key found is : 30 82 01 22 30 0D 06 09 2A 86 48 86 F7 0D 01 01 01 05 00 03 82 01 0F 00 30 82 01 0A 02 82 01 01 00 B3 B1 33 93 23 24 A3 2C 99 0C 5A 7C D8 28 48 79 92 9B 8F 2E 9D 75 49 18 12 C2 1A BC 4C EB 66 A3 C2 92 CD B7 63 5A 7E F9 CB 0B BF AA 6D FA B2 83 20 15 41 24 CE 5F 3F 85 9F F6 26 38 8B 79 A3 DE ED 61 AC A9 DC 0F 89 95 1D CC E4 F6 1C FF DE 25 94 10 94 40 DF B6 F2 55 8A 26 4D 8C 7B 46 A0 59 D6 5F 71 04 9B 6A A7 C0 53 9F CF EE 3F 54 98 DF 4B 8C 39 3E F0 2E 6A 61 CB 62 8A D3 F4 5C 86 2A B2 B4 5C 92 87 21 AC 6B F3 BA 1A F5 C3 FD B6 2F B5 B1 7A A9 57 10 5C 54 1F 9D 43 46 B5 68 6B CE 5A 0D 38 83 57 2A 59 10 AE DD 24 35 E0 85 8E 7C 41 71 84 0B D6 4C 65 DC 9A 59 9E CB 46 62 89 F8 FA 97 3D 55 1B 2F 60 C9 3C 4F E7 C7 23 37 80 9A 0F 6A 79 86 AD 44 8F FE 42 49 33 80 B2 11 A6 D5 6E 26 86 3E 8A 51 E6 72 4E 37 CA 2C 6C FB 52 08 3E 39 69 4D BD BB 96 9F 1F E6 24 45 12 45 E2 39 02 03 01 00 01 Oct 7 16:12:29.602 IST: P11:CEAL:CRYPTO_NO_ERR Oct 7 16:12:29.602 IST: CRYPTO_PKI: Sucess on Bundle PKCS7 verify! Oct 7 16:12:29.602 IST: CRYPTO_PKI: Sucess on Bundle PKCS7 verify! Oct 7 16:12:29.602 IST: CRYPTO_PKI: Bundle signer check failed Oct 7 16:12:29.603 IST: CRYPTO_PKI: Bundle signer check failed Oct 7 16:12:29.603 IST: P11:C_DestroyObject 2:20006 Oct 7 16:12:29.603 IST: CRYPTO_PKI: Expiring peer's cached key with key id 6 Oct 7 16:12:29.603 IST: P11:C_DestroyObject 2:20005 Oct 7 16:12:29.603 IST: CRYPTO_PKI: Expiring peer's cached key with key id 5 Oct 7 16:12:29.603 IST: CRYPTO_PKI: Parsing bundle as signed pkcs7 failed, 1 Oct 7 16:12:29.603 IST: The PKCS #7 message has 0 certs. Oct 7 16:12:29.603 IST: CRYPTO_PKI: Importing 0 certs. Oct 7 16:12:29.605 IST: CRYPTO_PKI: Added 0 certs to the Trustpool. Oct 7 16:12:29.605 IST: CRYPTO_PKI: 0 certs already present pki-reg2(config)#

Conditions

When it is not the first import of a certificate bundle after a clean reload of the box

Workaround

Clean the trustpool and reload the box

Further Problem Description

Original Vendor Announcement

9.65Defect ID: CSCwd45843
Auth Step latency for policy evaluation due to Garbage Collection activity.
9.65Defect ID: CSCwa92734
CUBE DTMF interworking fails from rtp-nte to OOB SIP methods
9.65Defect ID: CSCwj45822
Cisco ASA and FTD Software Remote Access VPN Brute Force Denial of Service Vulnerability
9.65Defect ID: CSCvo03458
PKI "revocation check crl none" does not fallback if CRL not reachable
9.65Defect ID: CSCvq05584
Cisco IOS and IOS XE Software Tcl Arbitrary Code Execution Vulnerability

Ready to prevent the next vendor outage?

Get a demo

OPERATIONAL DEFECT DATABASE

Cisco - Defect ID: CSCvw15311

PKI Trustpool cert import fails if device is not clean

Cisco - Defect ID: CSCvw15311

PKI Trustpool cert import fails if device is not clean

Last updated on 4/28/2025

Vendor details

Vendor details

Description

Symptom

Conditions

Workaround

Further Problem Description

Links

Top Cisco defects by risk score

Ready to prevent the next vendor outage?