10-30-2018 10:08 AM
The trust point (CERTSRV) was deleted without first deleting the keyring (CERTSRV).
I would like to utilize the default keyring and delete the CERTSRV keyring, but I'm unable to.
I tried the following commands below, but I get the error that the CETSRV keyring is in use.
Any suggestions?
UCSM-B /security # show keyring
Name RSA key modulus Trustpoint CA
--------------- --------------- -------------
CERTSRV Mod2048 CERTSRV
default Mod2048
UCSM-B /security # delete keyring CERTSRV
UCSM-B /security* # commit-buffer
Error: Update failed: [Cannot delete a keyring-CERTSRV that is in use]
UCSM-B /security* # scope security
UCSM-B /security* # scope keyring default
UCSM-B /security/keyring* # set modulus mod2048
UCSM-B /security/keyring* # set regenerate yes
UCSM-B /security/keyring* # commit-buffer
Error: Update failed: [Cannot delete a keyring-CERTSRV that is in use]
10-30-2018 12:03 PM
It is possible that HTTP is using the keyring thus you cannot delete.
You can change it here:
Step 1 In the Navigation pane, click the Admin tab. Step 2 On the Admin tab, expand All > Communication Management > Communication Services. Step 3 Select the Communication Services tab. Step 4 In the HTTPS area, click the enabled radio button. The HTTPS area expands to display the available configuration options. Step 5 Under Key Ring drop-down list, select a different key ring Step 6 Delete the keyring from the key ring management
https://www.cisco.com/c/en/us/td/docs/unified_computing/ucs/ucs-manager/GUI-User-Guides/Admin-Management/3-1/b_Cisco_UCS_Admin_Mgmt_Guide_3_1/b_Cisco_UCS_Admin_Mgmt_Guide_3_1_chapter_0110.html
I hope this helps you.
Regards,
Carlos
10-30-2018 12:07 PM
Daniel,
I think part of the problem here is that the change wasn't committed (as it failed), but it's still present as an uncommitted changed.
We can see this is the case as you still have the '*' symbol present even when you scope into the default keyring.
If you open a new session without any uncommitted changes are you able to generate the default keyring?
--
Niko
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: