THIS FIELD NOTICE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTY OF MERCHANTABILITY. YOUR USE OF THE INFORMATION ON THE FIELD NOTICE OR MATERIALS LINKED FROM THE FIELD NOTICE IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS FIELD NOTICE AT ANY TIME.
| Affected OS Type | Affected Software Product | Affected Release Number |
|---|---|---|
| | AsyncOS for Content Security Management Appliance (SMA) | 12.0.0, 12.0.1, 12.5.0 |

QuoVadis root CA decommission on sma
For all versions of the Security Management Appliance (SMA), some Secure Sockets Layer (SSL) certificates issued from the QuoVadis root certificate authority (CA) trust chain before 2021-03-31 cannot be renewed from this CA. Once those certificates expire, functions such as Smart Licensing communication will fail to establish secure connections to Cisco and might not operate properly.
The QuoVadis Public Key Infrastructure (PKI) Root CA 2 used by the SMA to issue SSL certificates is subject to an industry-wide issue that affects revocation abilities. Due to this issue, the QuoVadis Root CA 2 will be decommissioned on 2021-03-31. No new certificates will be issued for Cisco by the QuoVadis Root CA 2 after 2021-03-31.
Certificates issued before the QuoVadis Root CA 2 is decommissioned will continue to be valid until they reach their individual expiration date. Once those certificates expire, they will not renew and this might cause functions such as Smart Licensing to fail to establish secure connections.
Beginning 2021-04-01, the IdenTrust Commercial Root CA 1 will be used to issue SSL certificates previously issued by the QuoVadis Root CA 2.
If there is a trust issue between the Cisco Smart Agent (CSA) that resides on the SMA and Cisco Smart Software Manager (CSSM), the SMA will fail to send the Authorization Renew Request, which triggers an email alert. If the SMA continuously fails to send this request to CSSM for 90 days, the features on the SMA will automatically be disabled. An alert email will be received with the subject line "Failed to renew authorization of the product with Smart..."
Cisco recommends that SMA customers who run AsyncOS Version 12.x or earlier with the Smart Licensing feature enabled on any physical or virtual model upgrade to AsyncOS Version 12.8.1 or later.
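To see which root a TLS endpoint's certificate chain ends at, and how many days the leaf certificate has left, the chain summary printed by `openssl s_client -showcerts` can be parsed as shown here. This is an added example, not Cisco code: the sample output, host name and intermediate CA name are constructed, and expiry is only reported when the `v:` validity line (OpenSSL 3.x layout) is present.

```python
import re
from datetime import datetime, timezone

OLD_ROOT = "QuoVadis Root CA 2"              # named in the notice
NEW_ROOT = "IdenTrust Commercial Root CA 1"  # named in the notice

# Constructed sample of the chain summary from `openssl s_client -showcerts`
# (OpenSSL 3.x layout); host and intermediate CA names are placeholders.
SAMPLE = """\
Certificate chain
 0 s:CN = licensing.example.test
   i:C = US, O = Example Issuer, CN = Example Issuing CA G2
   v:NotBefore: Feb 10 00:00:00 2021 GMT; NotAfter: Feb 10 00:00:00 2022 GMT
 1 s:C = US, O = Example Issuer, CN = Example Issuing CA G2
   i:C = BM, O = QuoVadis Limited, CN = QuoVadis Root CA 2
   v:NotBefore: Dec 17 00:00:00 2013 GMT; NotAfter: Dec 17 00:00:00 2023 GMT
"""

_CN = re.compile(r"CN\s*=\s*([^,/\n]+)")
_NOT_AFTER = re.compile(r"NotAfter:\s*(\w{3}\s+\d+ [\d:]+ \d{4}) GMT")

def _cn(dn):
    """Common name from either OpenSSL DN layout, or the whole DN if absent."""
    m = _CN.search(dn)
    return m.group(1).strip() if m else dn.strip()

def parse_chain(text):
    """Return [{'subject', 'issuer', 'not_after'}] in the order presented."""
    certs = []
    for line in (raw.strip() for raw in text.splitlines()):
        subj = re.match(r"\d+\s+s:(.*)", line)
        if subj:
            certs.append({"subject": _cn(subj.group(1)),
                          "issuer": None, "not_after": None})
        elif line.startswith("i:") and certs:
            certs[-1]["issuer"] = _cn(line[2:])
        elif line.startswith("v:") and certs and (na := _NOT_AFTER.search(line)):
            stamp = " ".join(na.group(1).split())  # collapse "Jan  1" padding
            when = datetime.strptime(stamp, "%b %d %H:%M:%S %Y")
            certs[-1]["not_after"] = when.replace(tzinfo=timezone.utc)
    return certs

def assess(text, now):
    """Classify the chain by the issuer of the last certificate presented."""
    certs = parse_chain(text)
    if not certs:
        raise ValueError("no certificate chain found in input")
    root, expiry = certs[-1]["issuer"], certs[0]["not_after"]
    status = {OLD_ROOT: "old-root", NEW_ROOT: "new-root"}.get(root, "other")
    return {"root": root, "status": status,
            "leaf_days_left": (expiry - now).days if expiry else None}
```

A result of `old-root` means the leaf cannot be renewed from the same CA once `leaf_days_left` runs out, so the client's trust store needs the new root before the endpoint's certificate is reissued.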
For More Information
If you require further assistance, or if you have any further questions regarding this field notice, please contact the Cisco Systems Technical Assistance Center (TAC) by one of the following methods: