cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
78385
Views
30
Helpful
10
Replies
Highlighted
Beginner

Default Keyring's certificate is invalid

Hi

I'm upgrading my UCS to version 2.0.3c, and everything is working fine.

But when I upgraded the first FI, I got this Major Fault:

Capture3.PNG

I don't dare to upgrade the second FI, before I fix this error.

I have seen that this certificate has to do with secure connection between Client Browser and UCSM.

I haven't made any certificate when the UCS was set up (because there where some consultant that sat up the solution).

What to I need to do?

/Stig Sand

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Beginner

Since you haven't done anything to the cert since installation, all you need to do is regenerate the default key ring.

Refer to this document, under "Regenerating the Default Keyring":

http://www.cisco.com/en/US/docs/unified_computing/ucs/sw/cli/config/guide/2.0/b_UCSM_CLI_Configuration_Guide_2_0_chapter_0110.pdf

BR,

Glenn B

View solution in original post

10 REPLIES 10
Highlighted
Beginner

Since you haven't done anything to the cert since installation, all you need to do is regenerate the default key ring.

Refer to this document, under "Regenerating the Default Keyring":

http://www.cisco.com/en/US/docs/unified_computing/ucs/sw/cli/config/guide/2.0/b_UCSM_CLI_Configuration_Guide_2_0_chapter_0110.pdf

BR,

Glenn B

View solution in original post

Highlighted

Thanks for quick response

So all I have to do is ?:

Step 1 UCS-A# scope security

Step 2 UCS-A /security # scope keyring default

Step 3 UCS-A /security/keyring # set regenerate yes

Step 4 UCS-A /security/keyring # commit-buffer

This will not create any issues?

Highlighted

That would be correct

Highlighted

Then I will try it.

 

I only need to do this once? Not on both FI?

Highlighted

You only need to do this on the active FI, not both, no.

Highlighted

Thanks Glenn

It did the trick

Highlighted

I followed the steps. But the fault was still there. I had to acknowledge the fault to make it go away. Is there a way to verify the keyring certificate is actually good?

Highlighted

To answer my own question, refer to this blog post:

http://www.vstrong.info/2012/12/05/how-to-regenerate-expired-ucs-manager-certificate/

I was able to verify the cert is valid.

Highlighted

Thanks for the quick fix!! works great

Highlighted

Thanks Glenn. It worked..!!

Content for Community-Ad