THIS FIELD NOTICE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTY OF MERCHANTABILITY. YOUR USE OF THE INFORMATION ON THE FIELD NOTICE OR MATERIALS LINKED FROM THE FIELD NOTICE IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS FIELD NOTICE AT ANY TIME.
|Affected OS Type
||Affected Software Product
||Affected Release Number
Unified Contact Center Express Latest Updates
||QuoVadis root CA decommission on ccp|
For all versions of Customer Collaboration Portal (CCP), some Secure Sockets Link (SSL) certificates issued from the QuoVadis root certificate authority (CA) trust chain before 2021-03-31 cannot be renewed from this CA. Once those certificates expire, functions such as Smart Licensing and Smart Call Home will fail to establish secure connections to Cisco and might not operate properly.
The QuoVadis Public Key Infrastructure (PKI) Root CA 2 used by CCP to issue SSL certificates is subject to an industry-wide issue that affects revocation abilities. Due to this issue, the QuoVadis Root CA 2 will be decommissioned on 2021-03-31. No new certificates will be issued for Cisco by the QuoVadis Root CA 2 after 2021-03-31.
Certificates issued before the QuoVadis Root CA 2 is decommissioned will continue to be valid until they reach their individual expiration date. Once those certificates expire, they will not renew and this might cause functions such as Smart Licensing to fail to establish secure connections.
Beginning 2021-04-01, the IdenTrust Commercial Root CA 1 will be used to issue SSL certificates previously issued by the QuoVadis Root CA 2.
Affected platforms will be unable to register with the Smart Licensing and Smart Call Home server hosted by tools.cisco.com. Smart licenses might fail entitlement and reflect an Out of Compliance status.
Note: Cisco provides a 60-day grace period before affected Smart Licenses are placed in an Authorization Expired status that would impact feature functionality. Smart license registration for new products might be affected and requires the workaround/solution.
For CCP, upgrade to Release 12.5 SU1 or later in order to resolve the root CA certificate issue for affected platforms.
For More Information
If you require further assistance, or if you have any further questions regarding this field notice, please contact the Cisco Systems Technical Assistance Center (TAC) by one of the following methods:
Receive Email Notification For New Field Notices
My Notifications—Set up a profile to receive email updates about reliability, safety, network security, and end-of-sale issues for the Cisco products you specify.