...
The symptom is visible in the running configuration. The output of show run contains the following:

sh run | sec crypto pki certificate pool
crypto pki certificate pool
! ('certificate ca' cmd has been deprecated. Downloaded
! Trustpool certificates should be re-downloaded
! using 'crypto pki trustpool import url ')

The above cannot be removed.

This is a day-1 issue and affects all releases and platforms. It is an issue with the PKI trustpool infrastructure. All devices that have the following configuration line are affected:

crypto pki certificate pool

The steps to reproduce this issue are the following:

1) No call-home service enabled.
2) Reboot.
3) call-home is automatically added by IOS-XE on boot.
4) Wait ~2 weeks.
5) "crypto pki certificate pool" automatically appears in the running-config (call-home calls home and updates the trustpool).
6) "crypto pki certificate pool" can't be removed after that.

switch(config)# crypto pki trustpool import url http://www.cisco.com/security/pki/trs/ios.p7b
In most cases this issue is cosmetic, unless you use a script that depends on your configuration being an exact match.
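For scripts that compare the running configuration against a baseline, the following added example (not Cisco's or the page's own code) ignores only the auto-added trustpool stanza, reports that it was present, and still flags real drift. The function names, the sample configurations and the assumption that the stanza body consists of indented lines or "! text" comment lines are illustrative.

```python
import difflib

POOL_HEADER = "crypto pki certificate pool"

def strip_trustpool_stanza(config):
    """Return (normalized_lines, stanza_seen) without the auto-added stanza."""
    kept, seen, in_stanza = [], False, False
    for line in config.splitlines():
        stripped = line.strip()
        if stripped == POOL_HEADER:
            seen = in_stanza = True
            continue
        if in_stanza:
            # Assumption: the stanza body is indented lines or "! text" comments.
            is_comment = stripped.startswith("!") and len(stripped) > 1
            if line[:1].isspace() or is_comment:
                continue
            in_stanza = False
        if stripped in ("", "!"):
            continue  # bare separators carry no configuration
        kept.append(line.rstrip())
    return kept, seen

def config_drift(golden, running):
    """Diff two configs ignoring only the trustpool stanza; also report its presence."""
    g, _ = strip_trustpool_stanza(golden)
    r, seen = strip_trustpool_stanza(running)
    raw = list(difflib.unified_diff(g, r, "golden", "running", n=0, lineterm=""))
    # Drop the two file-header lines and the @@ hunk markers, keep +/- lines.
    return [l for l in raw[2:] if not l.startswith("@@")], seen

# Constructed sample configs (not taken from a real device).
GOLDEN = """hostname sw1
!
line vty 0 4
 transport input ssh
!
"""
STANZA = """crypto pki certificate pool
! ('certificate ca' cmd has been deprecated. Downloaded
! Trustpool certificates should be re-downloaded
! using 'crypto pki trustpool import url ')
!
"""
RUNNING_COSMETIC = GOLDEN.replace("line vty", STANZA + "line vty")
RUNNING_DRIFT = RUNNING_COSMETIC.replace("input ssh", "input telnet ssh")

if __name__ == "__main__":
    print(config_drift(GOLDEN, RUNNING_COSMETIC))  # stanza ignored, no drift
    print(config_drift(GOLDEN, RUNNING_DRIFT))     # real change still reported
```

Logging the returned presence flag keeps a record of which devices carry the stanza instead of hiding it silently.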