取消
显示结果 
搜索替代 
您的意思是: 
cancel
公告

December 2020

2452
查看次数
0
有帮助
0
回复
leimin fan
Beginner

重新申请UCSM自签名证书UCS会重启吗?

本帖最后由 fanleimin 于 2014-6-13 10:11 编辑
最近发现UCSM的自签名证书过期了,如下图:
100107d5foltctzg542mz5.jpg
网上查了一下,好像重新申请一个自签名证书UCS并不会重启,只是GUI界面暂时连接不到,请各位大牛鉴定一下。
申请方式如下:
The default (self-signed) UCSM keyring certificate must be manually regenerated if the cluster name changes or the certificate expires (it is valid for one year).
Affected object: sys/pki-ext/keyring-defaultDescription: default Keyring's certificate is invalid, reason: expiredCause: invalid-keyring-certificateCode: F0910
Here is what needs to be done:

  • Make sure Fabric Interconnects have correct time settings, preferably configured to synchronise time with a NTP server(s). UCSM – Admin – All – Timezone Management;
  • SSH to UCS Manager cluster IP address and login as an administrator user;
  • Issue the following commands:





    VFC01-A# scope security

    VFC01-A /security # scope keyring default

    VFC01-A /security/keyring # set regenerate yes

    VFC01-A /security/keyring* # commit-buffer


  • N.B. After you issue ‘commit-buffer‘ command, all GUI sessions will be disconnected;
  • After a couple of minutes, validate new certificate:





    VFC01-A /security/keyring # scope security

    VFC01-A /security # show keyring detail

    Keyring default:

    RSA key modulus: Mod1024

    Trustpoint CA:

    Cert Status: Valid


  • Open web browser, connect to UCSM cluster IP address and accept the certificate warning. BTW, It might be a good idea to look into getting a CA-signed certificate
Mozilla Firefox users: Should you have any problems with new certificate, go to Tools – Options – Advanced – Encryption – View Certificates and delete old/expired UCSM certificates.
EMC UIM/P users: New certificate needs to be exported from UCSM and imported into UIM/P.
http://www.vstrong.info/2012/12/05/how-to-regenerate-expired-ucs-manager-certificate/
0 条回复0