Symptom

Loading a list of Distinguished Name objects with names and values from a CSV file, where the name should have a "CN_" prefix and the name represents a Common Name (CN). During the loading process, the names and values are not checked or validated, which can lead to a failure in policy configuration deployment.

Conditions

SSL Policy Import SSL Certificate Pinning from a CSV

Workaround

Further Problem Description

below log with perfix CN=*.digcert.com May 5 12:00:05 firepower policy_apply.pl[45888]: INFO chandrkr data dn before convert (AccessControl::SSLPolicy::Device 620<87 <- Framework 3302 <- AccessControl::SSLPolicy::Device 105) May 5 12:00:05 firepower policy_apply.pl[45888]: $VAR1 = 'CN=*.digicert.com'; May 5 12:00:05 firepower policy_apply.pl[45888]: CN=*.digicert.com at /ngfw/var/cisco/deploy/pkg/var/cisco/packages/exporter-7.1.0.2-28/code/SF/UMPD/Plugins/AccessControl/SSLPolicy/Device.pm line 569. May 5 12:00:05 firepower policy_apply.pl[45888]: INFO chandrkr combined dn (AccessControl::SSLPolicy::Device 573<621<87 <- Framework 3302 <- AccessControl::SSLPolicy::Device...) May 5 12:00:05 firepower policy_apply.pl[45888]: $VAR1 = 'CN "*.digicert.com";'; May 5 12:00:05 firepower policy_apply.pl[45888]: INFO chandrkr data dn after convert (AccessControl::SSLPolicy::Device 622<87 <- Framework 3302 <- AccessControl::SSLPolicy::Device 105) May 5 12:00:05 firepower policy_apply.pl[45888]: $VAR1 = 'CN "*.digicert.com";';