cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
AMA event- Migrating Existing Networks to Cisco ACI
61503
Views
25
Helpful
10
Replies
Beginner

Default Keyring's certificate is invalid

Hi

I'm upgrading my UCS to version 2.0.3c, and everything is working fine.

But when I upgraded the first FI, I got this Major Fault:

Capture3.PNG

I don't dare to upgrade the second FI, before I fix this error.

I have seen that this certificate has to do with secure connection between Client Browser and UCSM.

I haven't made any certificate when the UCS was set up (because there where some consultant that sat up the solution).

What to I need to do?

/Stig Sand

1 ACCEPTED SOLUTION

Accepted Solutions
Beginner

Default Keyring's certificate is invalid

Since you haven't done anything to the cert since installation, all you need to do is regenerate the default key ring.

Refer to this document, under "Regenerating the Default Keyring":

http://www.cisco.com/en/US/docs/unified_computing/ucs/sw/cli/config/guide/2.0/b_UCSM_CLI_Configuration_Guide_2_0_chapter_0110.pdf

BR,

Glenn B

View solution in original post

10 REPLIES 10
Beginner

Default Keyring's certificate is invalid

Since you haven't done anything to the cert since installation, all you need to do is regenerate the default key ring.

Refer to this document, under "Regenerating the Default Keyring":

http://www.cisco.com/en/US/docs/unified_computing/ucs/sw/cli/config/guide/2.0/b_UCSM_CLI_Configuration_Guide_2_0_chapter_0110.pdf

BR,

Glenn B

View solution in original post

Beginner

Default Keyring's certificate is invalid

Thanks for quick response

So all I have to do is ?:

Step 1 UCS-A# scope security

Step 2 UCS-A /security # scope keyring default

Step 3 UCS-A /security/keyring # set regenerate yes

Step 4 UCS-A /security/keyring # commit-buffer

This will not create any issues?

Beginner

Default Keyring's certificate is invalid

That would be correct

Beginner

Default Keyring's certificate is invalid

Then I will try it, and hope it doesn't fuck up everything

I only need to do this once? Not on both FI?

Beginner

Default Keyring's certificate is invalid

You only need to do this on the active FI, not both, no.

Beginner

Default Keyring's certificate is invalid

Thanks Glenn

It did the trick

Beginner

Default Keyring's certificate is invalid

I followed the steps. But the fault was still there. I had to acknowledge the fault to make it go away. Is there a way to verify the keyring certificate is actually good?

Beginner

Default Keyring's certificate is invalid

To answer my own question, refer to this blog post:

http://www.vstrong.info/2012/12/05/how-to-regenerate-expired-ucs-manager-certificate/

I was able to verify the cert is valid.

Beginner

Thanks for the quick fix!!

Thanks for the quick fix!! works great

Beginner

Thanks Glenn. It worked..!!

Thanks Glenn. It worked..!!

CreatePlease to create content
Content for Community-Ad
August's Community Spotlight Awards
This widget could not be displayed.