本帖最后由 fanleimin 于 2014-6-13 10:11 编辑 最近发现UCSM的自签名证书过期了,如下图:
网上查了一下,好像重新申请一个自签名证书UCS并不会重启,只是GUI界面暂时连接不到,请各位大牛鉴定一下。
申请方式如下:
The default (self-signed) UCSM keyring certificate must be manually regenerated if the cluster name changes or the certificate expires (it is valid for one year).Affected object: sys/pki-ext/keyring-defaultDescription: default Keyring's certificate is invalid, reason: expiredCause: invalid-keyring-certificateCode: F0910
Here is what needs to be done:
- Make sure Fabric Interconnects have correct time settings, preferably configured to synchronise time with a NTP server(s). UCSM – Admin – All – Timezone Management;
- SSH to UCS Manager cluster IP address and login as an administrator user;
- Issue the following commands:
| VFC01-A# scope security VFC01-A /security # scope keyring default VFC01-A /security/keyring # set regenerate yes VFC01-A /security/keyring* # commit-buffer |
- N.B. After you issue ‘commit-buffer‘ command, all GUI sessions will be disconnected;
- After a couple of minutes, validate new certificate:
| VFC01-A /security/keyring # scope security VFC01-A /security # show keyring detail Keyring default: RSA key modulus: Mod1024 Trustpoint CA: Cert Status: Valid |
- Open web browser, connect to UCSM cluster IP address and accept the certificate warning. BTW, It might be a good idea to look into getting a CA-signed certificate…
Mozilla Firefox users: Should you have any problems with new certificate, go to Tools – Options – Advanced – Encryption – View Certificates and delete old/expired UCSM certificates.
http://www.vstrong.info/2012/12/05/how-to-regenerate-expired-ucs-manager-certificate/