Re: Custom Keyring's certificated is invalid

AGomez12 · ‎02-20-2018

Hi everybody.

At this moment I have an issue with a Keyring's Certificated of the UCS platform of my client.

They have a custom keyring with the name "Produccion2014" which is Expired right now. I have read that I can regenerate the default keyring with the command set regenerate yes on CLI of UCS Manager. Is there a way to regenerated a Custom Keyring's Certificated? How can I do to solve this Major Alarm?

I will really appreciate the help you can give me.

Regards.

Fabián Ramírez · ‎02-22-2018

Hello,

SSH to your Primary Fabric Interconect.

Then:

scope security
scope keyring default
set modulus mod2048
set regenerate yes
commit-buffer

That will drop you out of the UCSM management only, it´s non disruptive. After a bit the alert should clear out.

More info:
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCuy48739

AGomez12 · ‎02-22-2018

Thank you for your answer, Fabian.

It works when the invalid keyring is the Keyring default. But, when I have a Keyring created by another user, those command lines aren't permitted by UCS Manager. And that's my doubt; when I have a keyring created by a user and it's invalid, how can I do to regenerate it?

Fabián Ramírez · ‎02-22-2018

I believe you can:

scope security
scope keyring Keyring-name
set regenerate yes

commit-buffer

You can check "Configuring Communication Services":

https://www.cisco.com/c/en/us/td/docs/unified_computing/ucs/sw/cli/config/guide/2-2/b_UCSM_CLI_Configuration_Guide_2_2/b_UCSM_CLI_Configuration_Guide_2_2_chapter_0111.html