default Keyring's certificate is invalid, reason: expired. Firepower

christianstp1 · ‎12-29-2021

Hello,

I am receiving the below alert from my firepower 2130 chassis.

--

default Keyring's certificate is invalid, reason: expired

--

Im not sure what this means or potentially affects. Any information would be helpful.

Thanks!

marce1000 · ‎12-30-2021

- FYI : https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvk26612?rfs=iqvred

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

Megahertz_MHz · ‎06-20-2024

I found this to be a solution to:

Code - F0853; Description - default Keyring's certificate is invalid, reason: expired

Login to the firewall CLI and enter the following command:

> system support regenerate-security-keyring default

Megahertz_MHz · ‎07-30-2024

Fix for F0853

> system support regenerate-security-keyring default

Fix for F0855

> connect fxos

FW# show fault

**should show something like:

F0853 CLEARED...

F0855 MAJOR...

FW# sysopt sam 1001 on

WARNING: FXOS configuration changes are experimental and are NOT supported.

WARNING: All FXOS changes can be overwritten on next policy deployment.

FXOS option 1001 was enabled.

FW# scope system

FW /system # scope service

FW /system/services # set https keyring default

Warning: When committed, this closes all the web sessions.

FW /system/services* # commit-buffer

Warning: Changes not supported. use: 'connect ftd' to make changes.

FW /system/services # top

FW# scope security

FW /security # delete trustpoint FDM

FW /security* # delete keyring FDM

FW /security* # commit-buffer

Warning: Changes not supported. use: 'connect ftd' to make changes.

FW /security # sysopt sam 1001 off

FXOS option 1001 was disabled.

FW /security # top

FW# show fault