cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

71576
Views
30
Helpful
10
Replies
Highlighted
Beginner

Default Keyring's certificate is invalid

Hi

I'm upgrading my UCS to version 2.0.3c, and everything is working fine.

But when I upgraded the first FI, I got this Major Fault:

Capture3.PNG

I don't dare to upgrade the second FI, before I fix this error.

I have seen that this certificate has to do with secure connection between Client Browser and UCSM.

I haven't made any certificate when the UCS was set up (because there where some consultant that sat up the solution).

What to I need to do?

/Stig Sand

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Beginner

Default Keyring's certificate is invalid

Since you haven't done anything to the cert since installation, all you need to do is regenerate the default key ring.

Refer to this document, under "Regenerating the Default Keyring":

http://www.cisco.com/en/US/docs/unified_computing/ucs/sw/cli/config/guide/2.0/b_UCSM_CLI_Configuration_Guide_2_0_chapter_0110.pdf

BR,

Glenn B

View solution in original post

10 REPLIES 10
Highlighted
Beginner

Default Keyring's certificate is invalid

Since you haven't done anything to the cert since installation, all you need to do is regenerate the default key ring.

Refer to this document, under "Regenerating the Default Keyring":

http://www.cisco.com/en/US/docs/unified_computing/ucs/sw/cli/config/guide/2.0/b_UCSM_CLI_Configuration_Guide_2_0_chapter_0110.pdf

BR,

Glenn B

View solution in original post

Highlighted
Beginner

Default Keyring's certificate is invalid

Thanks for quick response

So all I have to do is ?:

Step 1 UCS-A# scope security

Step 2 UCS-A /security # scope keyring default

Step 3 UCS-A /security/keyring # set regenerate yes

Step 4 UCS-A /security/keyring # commit-buffer

This will not create any issues?

Highlighted
Beginner

Default Keyring's certificate is invalid

That would be correct

Highlighted
Beginner

Default Keyring's certificate is invalid

Then I will try it.

 

I only need to do this once? Not on both FI?

Highlighted
Beginner

Default Keyring's certificate is invalid

You only need to do this on the active FI, not both, no.

Highlighted
Beginner

Default Keyring's certificate is invalid

Thanks Glenn

It did the trick

Highlighted
Beginner

Default Keyring's certificate is invalid

I followed the steps. But the fault was still there. I had to acknowledge the fault to make it go away. Is there a way to verify the keyring certificate is actually good?

Highlighted
Beginner

Default Keyring's certificate is invalid

To answer my own question, refer to this blog post:

http://www.vstrong.info/2012/12/05/how-to-regenerate-expired-ucs-manager-certificate/

I was able to verify the cert is valid.

Highlighted
Beginner

Thanks for the quick fix!!

Thanks for the quick fix!! works great

Highlighted
Beginner

Thanks Glenn. It worked..!!

Thanks Glenn. It worked..!!

Content for Community-Ad