Cisco NX-OS: gNOI endpoint does not support LoadCertificateAuthorityBundleRequest #161

@swagner-de


Problem Statement

The Cisco NXOS Generic Network Operations Interface (gNOI) lacks support for the LoadCertificateAuthorityBundleRequest endpoint, which prevents the installation of Certificate Authority (CA) certificates. This is a major roadblock when implementing gRPC with Mutual TLS authentication, as it requires the CA certificate to be installed on devices.

Vendor Acknowledgement

Cisco has acknowledged this problem and filed CSCwr90920 (login required); however, the bug report refers to LoadCertificteBundleRequest, which does not exist in the gNOI specification. A tentative ETA of end of 2026 for release 10.7.2 was suggested.

Proposed Solution

As an interim solution, we propose using the initial bootscript to deploy the CA bundle and then installing/rotating certificates via NXAPI (CLI over HTTP). This approach allows for automation of certificate management while circumventing the limitation in Cisco's gNOI implementation.

Labels

area/metal-automation: Automation processes within the Metal project.
firmware-bug: An issue that is caused by a firmware malfunction.
platform/nx: Everything related to Cisco NX-OS
vendor/cisco: Everything related to the Cisco that uses GNMI/GNOI.
