BugZero | Cisco BugID CSCwd11825 - FDM upgrade failure due to HTTPS cert expired

OPERATIONAL DEFECT DATABASE

...

BugZero | Cisco BugID CSCwd11825 - FDM upgrade failure due to HTTPS cert expired

Cisco - Defect ID: CSCwd11825

FDM upgrade failure due to HTTPS cert expired

Cisco - Defect ID: CSCwd11825

FDM upgrade failure due to HTTPS cert expired

Last updated on August 13th, 2025

BugZero Risk Score
3.7 Low

Overall: 3.7

Severity: 3.7

Lifecycle: 9.1

Popularity: 6.9

What is the BugZero Risk Score?

Cisco Integration

Learn more about where this data comes from

Cisco Integration

Learn more

Bug Scrub Advisor

Streamline upgrades with automated vendor bug scrubs

Bug Scrub Advisor

Learn more

BugZero Enterprise

Wish you caught this bug sooner? Get proactive today.

BugZero Enterprise

Learn more

Bug Details

Description

Symptom

The user is unable to upgrade Firepower Threat Defense (FTD) managed by Firepower Device Manager (FDM). The upgrade fails due to expired HTTPS certificate. upgrade failure logs shows Aug 30 19:28:38 BRFW0001 SF-IMS[31110]: [31110] Cisco_FTD_SSP_FP2K_Upgrade-7.2.0-82:800_post/100_ftd_onbox_data_import.sh [ERROR] Fatal error: The chosen certificate has already expired. Please apply an unexpired certificate. Aug 31 15:44:43 BRFW0001 SF-IMS[30044]: [30044] Cisco_FTD_SSP_FP2K_Upgrade-7.2.0-82:800_post/100_ftd_onbox_data_import.sh [ERROR] Fatal error: The chosen certificate has already expired. Please apply an unexpired certificate.

Conditions

FTD managed by FDM FDM HTTPS cert expired

Workaround

Replace HTTPS certificate with the following steps: https://www.cisco.com/c/en/us/td/docs/security/firepower/710/fdm/fptd-fdm-config-guide-710/fptd-fdm-system.html#task_31B0F47D39444D6EB91A552A2B93B63E [Steps below are documented assuming the Primary is Active, similar steps can be applied if the Secondary is active as well] 1. Replace the certificate on FDM of the Primary-Active 2. Failed over to make Secondary as active 3. Replace the certificate on FDM of the Secondary-Active 4. Failover to restore the original active

Further Problem Description

1. Since this is a certificate expiration issue, it can be carried to following versions if your base image or previous upgrades passed through one of the affected versions. 2. HTTPS cert cannot be installed using command line interface (CLI), make sure to follow the instructions for replacing using FDM GUI. 3. GUI would be accessible in normal usage, expired HTTPS cert in this defect prevents successful upgrades.

Change history

2025-08-08 Added: 6.6.5.1, 7.1.0.1, 7.2.4, 7.2.4.1

Top Cisco Defects

9.7Defect ID: CSCwa57254
C8200 Silent Reload due to CpuCatastrophicError
9.7Defect ID: CSCux91894
ASR9xx iomd memory leak
9.7Defect ID: CSCvx82406
Memory leaks in IOS_PRIV_OPER_DB
9.7Defect ID: CSCwj74769
After [non]pairwise key enabling and reboot, bfd ip and port mismatch on device.
9.7Defect ID: CSCwe01579
Cat9800 wncd reload while creating an RRM Client Coverage on large scale setup

Cisco Integration

Learn more about where this data comes from

Cisco Integration

Learn more

Bug Scrub Advisor

Streamline upgrades with automated vendor bug scrubs

Bug Scrub Advisor

Learn more

BugZero Enterprise

Wish you caught this bug sooner? Get proactive today.

BugZero Enterprise

Learn more

Ready to prevent the next vendor outage?

Get a demo

OPERATIONAL DEFECT DATABASE

Cisco - Defect ID: CSCwd11825

FDM upgrade failure due to HTTPS cert expired

Cisco - Defect ID: CSCwd11825

FDM upgrade failure due to HTTPS cert expired

Last updated on August 13th, 2025

BugZero Risk Score3.7 Low

Bug Details

Symptom

Conditions

Workaround

Further Problem Description

Links

Top Cisco Defects

Ready to prevent the next vendor outage?

BugZero Risk Score
3.7 Low