Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
692
Views
40
Helpful
2
Replies

Keyring Critical Alert

Go to solution
jibber.mark1
Level 1
Level 1

‎11-20-2015 05:41 AM - edited ‎03-01-2019 12:28 PM

In my UCS enviornment a major alert was triggered regarding the Default Key ring, certificate is invalid. Will this impact production and what does this alert mean?

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Qiese Dides
Cisco Employee
Cisco Employee

‎11-20-2015 05:42 AM

Here is some Cisco documentation providing information regarding the fault that you are
experiencing:

http://www.cisco.com/c/en/us/td/docs/unified_computing/ucs/sw/cli/config/guide/2-0/b_UCSM_

CLI_Configuration_Guide_2_0/b_UCSM_CLI_Configuration_Guide_2_0_chapter_0110.html#task_7052

CA63F06F49D29F58D6BA1CF99993

The key ring certificate will expire annually or whenever the cluster name changes. As you
have stated, if you have made no recent upgrades, so this is probably just letting you know
you need to renew the certificate.

The 4 commands listed in that document will resolve the default keyring invalid error.
The following example regenerates the default key ring:

UCS-A# scope security

UCS-A /security # scope keyring default

UCS-A /security/keyring* # set regenerate yes

UCS-A /security/keyring* # commit-buffer

UCS-A /security/keyring #

This is non-disruptive and once it is completed the error will be resolved.

View solution in original post

2 Replies 2

Go to solution
Qiese Dides
Cisco Employee
Cisco Employee

‎11-20-2015 05:42 AM

Here is some Cisco documentation providing information regarding the fault that you are
experiencing:

http://www.cisco.com/c/en/us/td/docs/unified_computing/ucs/sw/cli/config/guide/2-0/b_UCSM_

CLI_Configuration_Guide_2_0/b_UCSM_CLI_Configuration_Guide_2_0_chapter_0110.html#task_7052

CA63F06F49D29F58D6BA1CF99993

The key ring certificate will expire annually or whenever the cluster name changes. As you
have stated, if you have made no recent upgrades, so this is probably just letting you know
you need to renew the certificate.

The 4 commands listed in that document will resolve the default keyring invalid error.
The following example regenerates the default key ring:

UCS-A# scope security

UCS-A /security # scope keyring default

UCS-A /security/keyring* # set regenerate yes

UCS-A /security/keyring* # commit-buffer

UCS-A /security/keyring #

This is non-disruptive and once it is completed the error will be resolved.

Go to solution
Wes Austin
Cisco Employee
Cisco Employee
In response to Qiese Dides

‎11-20-2015 05:48 AM

Be Advised...When you regenerate the keyring, you will be kicked out of UCSM temporarily and will need to re-launch the JNLP file to log back in. It may take a couple minutes for the error to clear, but it will.

Let us know the results or if you have problems.

HTH,

Wes

Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card

Review Cisco Networking for a $25 gift card