Investigating the "CAS(config)# request-appliance-certificate % Failed" error
Release : 220.127.116.11
The "CAS(config)# request-appliance-certificate % Failed" error would always indicate that there isn't communication between the CAS appliance and the appliance.bluecoat.com, hence the appliance's inability to retrieve a new appliance (birth) certificate from the backend.
To demonstrate how this should work and how the PCAP should be collected, and what to look out for on the PCAP, to validate successful communication with the requisite backend servers. See the steps below.
ip host <IP address of the CAS appliance> or port 53
It is expected the "request-appliance-certificate" CLI command, on the CAS would be successful, once the communication with the abrca.bluecoat.com and subscription.es.bluecoat.com backend servers is established. Also, with this, it is expected that the CAS AV license(s) would then be available on the CAS appliance, for activation. From the Broadcom entitlement portal, it should be confirmed that the license is valid and available and would sync with your asset (the CAS appliance), once the communication with the backed is established.
If after the required communication with the requisite backend servers is validated and the "request-appliance-certificate" CLI command on the CAS still fails, this will then be a challenge with the backend licensing server, not being able to sync the license ton the asset. In this case, a GCA licensing ticket should be created, in line with Support procedure, to have the licensing team investigate further. To get to this point, you should have received all the necessary evidences from the customer, as guided above. See further guidance in the Tech, Article with URL: https://knowledge.broadcom.com/external/article/170623/troubleshooting-cas-antivirus-licensing.html