default Keyring's certificate is invalid, reason: unknown - Page 2

Walter Dey · ‎07-17-2013

After upgrade to 2.1.2a, 2 UCS domains actually came with this error.

Description: default Keyring's certificate is invalid, reason: unknown

Cause: invalid-keyring-certificate

Code: F0909

I did the procedure

FI-A# scope security

FI-A/security # scope keyring default

FI-A/security/keyring # set regenerate yes

FI-A/security/keyring* # commit

Which didn't help ?

Any advice is appreciated

Walter.

Joe Galvan · ‎07-31-2013

I'm also dealing with this issue for a customer. Has a TAC been entered and has there been a response?

Bruce Heimlich · ‎08-01-2013

Hi Joe,

Yes, TAC has been involved and there has been a bug opened against this issue. Engineering is actively looking into this and will work to resolve this problem.

Thanks.

-Bruce

ahallalign · ‎08-19-2013

It's been a few weeks, is there any update to this? I have multiple customer chassis on 2.1(2a) and all having this issue. If I need to open my own case I can, but was hoping to hear about a resolution here.

Thanks,

Allen

padramas · ‎08-19-2013

Hello Allen and all,

If you have upgraded to 2.1.2a and are using self-signed cert and syatem has fault that says cert "status unknown", then no need to open a TAC service request.

Apart from using third party certificate, there is no work around to suppress the fault.

You can safely ignore the alert.

We have fixed the issue where status will be displayed correctly for self-signed certs and would not generate the fault.

The next patch release 2.1.2b will have this fix. I do not have ETA but should be out soon.

I will update the thread once I have additional information.

Thanks for your patience

Padma

Bruce Heimlich · ‎08-19-2013

Thank you Padma, for saying this even more eloquently than I was about to.

Thanks.

-Bruce

padramas · ‎09-10-2013

Hello,

The issue is fixed in UCSM 2.1.2c and above version.

http://www.cisco.com/en/US/docs/unified_computing/ucs/release/notes/UCS_28313.html#wp200273

Padma