CA certificate is not downloadable after rebooting the system

The switch cannot download the CA certificate from ClearPass after the system is rebooted, whether in VSF, BPS, or standalone mode.

To download the CA certificate from ClearPass, you must configure the following command before rebooting the system:

crypto ca-download usage clearpass retry

In the following scenarios, the CA certificate is not downloaded from ClearPass unless the ClearPass retry option is configured:

  • The switch downloads the configuration file while the CA download option is enabled and the ClearPass certificate is not present.

  • config-restore is performed on a VSF switch while the CA download option is enabled and the ClearPass certificate is not present.

  • The certificate is deleted and the switch is rebooted before the CA download force option (crypto ca-download usage clearpass force) is performed.

    NOTE: If the force option is triggered, the ClearPass CA certificate will be downloaded without the retry option.