Unable to revert back to default keyring

The trust point (CERTSRV) was deleted without first deleting the keyring (CERTSRV).

I would like to utilize the default keyring and delete the CERTSRV keyring, but I'm unable to.

I tried the following commands below, but I get the error that the CERTSRV keyring is in use.

Any suggestions?

 

UCSM-B /security # show keyring
Name            RSA key modulus Trustpoint CA
--------------- --------------- -------------
CERTSRV         Mod2048         CERTSRV
default         Mod2048
UCSM-B /security # delete keyring CERTSRV
UCSM-B /security* # commit-buffer
Error: Update failed: [Cannot delete a keyring-CERTSRV that is in use]
UCSM-B /security* # scope security
UCSM-B /security* # scope keyring default
UCSM-B /security/keyring* # set modulus mod2048
UCSM-B /security/keyring* # set regenerate yes
UCSM-B /security/keyring* # commit-buffer
Error: Update failed: [Cannot delete a keyring-CERTSRV that is in use]

2 Replies

calopez2
Cisco Employee

It is possible that HTTP is using the keyring, thus you cannot delete it.

You can change it here:

Step 1    In the Navigation pane, click the Admin tab.
Step 2    On the Admin tab, expand All > Communication Management > Communication Services.
Step 3    Select the Communication Services tab.
Step 4    In the HTTPS area, click the enabled radio button.
          The HTTPS area expands to display the available configuration options.
Step 5    Under the Key Ring drop-down list, select a different key ring.
Step 6    Delete the keyring from the key ring management.
https://www.cisco.com/c/en/us/td/docs/unified_computing/ucs/ucs-manager/GUI-User-Guides/Admin-Management/3-1/b_Cisco_UCS_Admin_Mgmt_Guide_3_1/b_Cisco_UCS_Admin_Mgmt_Guide_3_1_chapter_0110.html

I hope this helps you.

Regards,
Carlos

 

Niko Nikas
Cisco Employee

Daniel,

 

I think part of the problem here is that the change wasn't committed (as it failed), but it's still present as an uncommitted change.

We can see this is the case as you still have the '*' symbol present even when you scope into the default keyring.

 

If you open a new session without any uncommitted changes, are you able to generate the default keyring?

 

--

Niko
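
The two replies above combined into one UCS Manager CLI sequence, added here as an example and not posted by either respondent: discard the failed pending delete, point HTTPS at the default keyring, then delete CERTSRV and confirm. It assumes HTTPS is the service still referencing CERTSRV, as the first reply suggests, and reuses the UCSM-B prompt from the question.

```text
UCSM-B /security* # discard-buffer
UCSM-B /security # top
UCSM-B# scope system
UCSM-B /system # scope services
UCSM-B /system/services # set https keyring default
UCSM-B /system/services* # commit-buffer
UCSM-B /system/services # top
UCSM-B# scope security
UCSM-B /security # delete keyring CERTSRV
UCSM-B /security* # commit-buffer
UCSM-B /security # show keyring
```

Committing a change to the HTTPS keyring closes current HTTP and HTTPS sessions to UCS Manager, so run this from an SSH or console session.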
