cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Field Notice 70545
92630
Views
35
Helpful
10
Replies
Sandemann
Beginner

Default Keyring's certificate is invalid

Hi

I'm upgrading my UCS to version 2.0.3c, and everything is working fine.

But when I upgraded the first FI, I got this Major Fault:

Capture3.PNG

I don't dare to upgrade the second FI, before I fix this error.

I have seen that this certificate has to do with secure connection between Client Browser and UCSM.

I haven't made any certificate when the UCS was set up (because there where some consultant that sat up the solution).

What to I need to do?

/Stig Sand

1 ACCEPTED SOLUTION

Accepted Solutions
Glenn Bergland
Beginner

Since you haven't done anything to the cert since installation, all you need to do is regenerate the default key ring.

Refer to this document, under "Regenerating the Default Keyring":

http://www.cisco.com/en/US/docs/unified_computing/ucs/sw/cli/config/guide/2.0/b_UCSM_CLI_Configuration_Guide_2_0_chapter_0110.pdf

BR,

Glenn B

View solution in original post

10 REPLIES 10
Glenn Bergland
Beginner

Since you haven't done anything to the cert since installation, all you need to do is regenerate the default key ring.

Refer to this document, under "Regenerating the Default Keyring":

http://www.cisco.com/en/US/docs/unified_computing/ucs/sw/cli/config/guide/2.0/b_UCSM_CLI_Configuration_Guide_2_0_chapter_0110.pdf

BR,

Glenn B

Thanks for quick response

So all I have to do is ?:

Step 1 UCS-A# scope security

Step 2 UCS-A /security # scope keyring default

Step 3 UCS-A /security/keyring # set regenerate yes

Step 4 UCS-A /security/keyring # commit-buffer

This will not create any issues?

That would be correct

Then I will try it.

 

I only need to do this once? Not on both FI?

You only need to do this on the active FI, not both, no.

Thanks Glenn

It did the trick

I followed the steps. But the fault was still there. I had to acknowledge the fault to make it go away. Is there a way to verify the keyring certificate is actually good?

To answer my own question, refer to this blog post:

http://www.vstrong.info/2012/12/05/how-to-regenerate-expired-ucs-manager-certificate/

I was able to verify the cert is valid.

Thanks for the quick fix!! works great

Thanks Glenn. It worked..!!

Create
Recognize Your Peers
Content for Community-Ad