To download the
diagnostic signature (DS) file, you require the secure HTTP (HTTPS) protocol.
If you have already configured an email transport method to download files on
your device, you must change your assigned profile transport method to HTTPS to
download and use DS.
Cisco software uses a
PKI Trustpool Management feature, which is enabled by default on devices, to
create a scheme to provision, store, and manage a pool of certificates from
known certification authorities (CAs). The trustpool feature installs the CA
certificate automatically. The CA certificate is required for the
authentication of the destination HTTPS servers. Therefore, to enable the HTTPS
protocol, the firewall is bypassed to access the service call-home (SCH) HTTPS
server. The target URLs, which are defined in the SCH HTTPS server, must be one
of the Technical Assistance Center (TAC) HTTPS URLs:
There are two types
of DS update requests to download DS files: regular and forced-download.
requests DS files that were recently updated. You can trigger a regular
download request either by using a periodic configuration or by initiating an
on-demand CLI. The regular download update happens only when the version of the
requested DS is different from the version of the DS on the device. Periodic
download is enabled by checking responses to periodic inventory messages. When
an inventory message checks for any assigned DS on the device, the device sends
a DS update request message that requests for an updated DS. In a DS update
request message, the status and revision number of the DS is included such that
only a DS with the latest revision number is downloaded.
downloads a specific DS or a set of DSes. You can trigger the forced-download
update request only by initiating an on-demand CLI. In a force-download update
request, the latest version of the DS file is downloaded irrespective of the
current DS file version on the device.