No more zero touch on cnPilot, XV and cnMatrix

What is wrong with cnmaestro these days?
I can no longer onboard devices unless I disable certificate validation. This makes it impossible for zero touch deployment as I have to individually log into a switch or an AP to disable certificate validation.

@TimoWanume , this behavior is due to the lack of a current clock on the AP. They come by default with their build date as the start time and once connected to cnMaestro, they will get either an NTP server config or sync time with cnMaestro and remember it. Unfortunately an intermediate cert got updated with a “Not Before” date in Aug 2022, and some APs come from factory with an older build. This certificate in the chain is causing the APs to reject their connection to cnMaestro. If you upgrade the firmware to 6.5 or later or configure an NTP server it will work as well. We will release an FSB (field service bulletin) with more details and tools to manage large deployments in the near future. Apologies for the trouble. Future version of the software will handle this scenario properly.

1 Like