11-20-2015 05:41 AM - edited 03-01-2019 12:28 PM
In my UCS enviornment a major alert was triggered regarding the Default Key ring, certificate is invalid. Will this impact production and what does this alert mean?
Solved! Go to Solution.
11-20-2015 05:42 AM
Here is some Cisco documentation providing information regarding the fault that you are
experiencing:
http://www.cisco.com/c/en/us/td/docs/unified_computing/ucs/sw/cli/config/guide/2-0/b_UCSM_
CLI_Configuration_Guide_2_0/b_UCSM_CLI_Configuration_Guide_2_0_chapter_0110.html#task_7052
The key ring certificate will expire annually or whenever the cluster name changes. As you
have stated, if you have made no recent upgrades, so this is probably just letting you know
you need to renew the certificate.
The 4 commands listed in that document will resolve the default keyring invalid error.
The following example regenerates the default key ring:
UCS-A# scope security
UCS-A /security # scope keyring default
UCS-A /security/keyring* # set regenerate yes
UCS-A /security/keyring* # commit-buffer
UCS-A /security/keyring #
This is non-disruptive and once it is completed the error will be resolved.
11-20-2015 05:42 AM
Here is some Cisco documentation providing information regarding the fault that you are
experiencing:
http://www.cisco.com/c/en/us/td/docs/unified_computing/ucs/sw/cli/config/guide/2-0/b_UCSM_
CLI_Configuration_Guide_2_0/b_UCSM_CLI_Configuration_Guide_2_0_chapter_0110.html#task_7052
The key ring certificate will expire annually or whenever the cluster name changes. As you
have stated, if you have made no recent upgrades, so this is probably just letting you know
you need to renew the certificate.
The 4 commands listed in that document will resolve the default keyring invalid error.
The following example regenerates the default key ring:
UCS-A# scope security
UCS-A /security # scope keyring default
UCS-A /security/keyring* # set regenerate yes
UCS-A /security/keyring* # commit-buffer
UCS-A /security/keyring #
This is non-disruptive and once it is completed the error will be resolved.
11-20-2015 05:48 AM
Be Advised...When you regenerate the keyring, you will be kicked out of UCSM temporarily and will need to re-launch the JNLP file to log back in. It may take a couple minutes for the error to clear, but it will.
Let us know the results or if you have problems.
HTH,
Wes
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide