Loading...
Loading...
The user is unable to upgrade Firepower Threat Defense (FTD) managed by Firepower Device Manager (FDM). The upgrade fails due to expired HTTPS certificate. upgrade failure logs shows Aug 30 19:28:38 BRFW0001 SF-IMS[31110]: [31110] Cisco_FTD_SSP_FP2K_Upgrade-7.2.0-82:800_post/100_ftd_onbox_data_import.sh [ERROR] Fatal error: The chosen certificate has already expired. Please apply an unexpired certificate. Aug 31 15:44:43 BRFW0001 SF-IMS[30044]: [30044] Cisco_FTD_SSP_FP2K_Upgrade-7.2.0-82:800_post/100_ftd_onbox_data_import.sh [ERROR] Fatal error: The chosen certificate has already expired. Please apply an unexpired certificate.
FTD managed by FDM FDM HTTPS cert expired
Replace HTTPS certificate with the following steps: https://www.cisco.com/c/en/us/td/docs/security/firepower/710/fdm/fptd-fdm-config-guide-710/fptd-fdm-system.html#task_31B0F47D39444D6EB91A552A2B93B63E [Steps below are documented assuming the Primary is Active, similar steps can be applied if the Secondary is active as well] 1. Replace the certificate on FDM of the Primary-Active 2. Failed over to make Secondary as active 3. Replace the certificate on FDM of the Secondary-Active 4. Failover to restore the original active
1. Since this is a certificate expiration issue, it can be carried to following versions if your base image or previous upgrades passed through one of the affected versions. 2. HTTPS cert cannot be installed using command line interface (CLI), make sure to follow the instructions for replacing using FDM GUI. 3. GUI would be accessible in normal usage, expired HTTPS cert in this defect prevents successful upgrades.
Cisco Integration
Learn more about where this data comes from
Bug Scrub Advisor
Streamline upgrades with automated vendor bug scrubs
BugZero Enterprise
Wish you caught this bug sooner? Get proactive today.