12-11-2015 09:09 AM - edited 03-01-2019 12:30 PM
Hey everyone,
I posted earlier on a license issue I also have a Key Ring expiration in my critical errors, will this effect my environment?
Regards,
Solved! Go to Solution.
12-11-2015 10:11 AM
Here is some Cisco documentation providing information regarding the fault that you are
experiencing:
http://www.cisco.com/c/en/us/td/docs/unified_computing/ucs/sw/cli/config/guide/2-0/b_UCSM_
CLI_Configuration_Guide_2_0/b_UCSM_CLI_Configuration_Guide_2_0_chapter_0110.html#task_7052
The key ring certificate will expire annually or whenever the cluster name changes. As you
have stated, you have made no recent upgrades, so this is probably just letting you know
you need to renew the certificate.
The 4 commands listed in that document will resolve the default keyring invalid error.
The following example regenerates the default key ring:
UCS-A# scope security
UCS-A /security # scope keyring default
UCS-A /security/keyring* # set regenerate yes
UCS-A /security/keyring* # commit-buffer
UCS-A /security/keyring #
This is non-disruptive and once it is completed the error will be resolved.
Regards,
Qiese Dides
12-11-2015 09:32 AM
See here:
https://supportforums.cisco.com/discussion/11601616/default-keyrings-certificate-invalid
This will have no impact whether you regenerate the keyring or not. If you choose to regenerate, you will be kicked out of UCSM temporarily while the keyring is regenerated and then the error will clear shortly after.
Let me know if you have further questions.
HTH,
Wes
12-11-2015 10:11 AM
Here is some Cisco documentation providing information regarding the fault that you are
experiencing:
http://www.cisco.com/c/en/us/td/docs/unified_computing/ucs/sw/cli/config/guide/2-0/b_UCSM_
CLI_Configuration_Guide_2_0/b_UCSM_CLI_Configuration_Guide_2_0_chapter_0110.html#task_7052
The key ring certificate will expire annually or whenever the cluster name changes. As you
have stated, you have made no recent upgrades, so this is probably just letting you know
you need to renew the certificate.
The 4 commands listed in that document will resolve the default keyring invalid error.
The following example regenerates the default key ring:
UCS-A# scope security
UCS-A /security # scope keyring default
UCS-A /security/keyring* # set regenerate yes
UCS-A /security/keyring* # commit-buffer
UCS-A /security/keyring #
This is non-disruptive and once it is completed the error will be resolved.
Regards,
Qiese Dides
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide