Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
113544
Views
45
Helpful
10
Replies

Default Keyring's certificate is invalid

Go to solution
Sandemann
Level 1
Level 1

‎09-11-2012 12:06 AM - edited ‎03-01-2019 10:36 AM

Hi

I'm upgrading my UCS to version 2.0.3c, and everything is working fine.

But when I upgraded the first FI, I got this Major Fault:

Capture3.PNG

I don't dare to upgrade the second FI, before I fix this error.

I have seen that this certificate has to do with secure connection between Client Browser and UCSM.

I haven't made any certificate when the UCS was set up (because there where some consultant that sat up the solution).

What to I need to do?

/Stig Sand

9 people had this problem
1 Accepted Solution

Accepted Solutions

Go to solution
Glenn Bergland
Level 1
Level 1

‎09-11-2012 12:28 AM

Since you haven't done anything to the cert since installation, all you need to do is regenerate the default key ring.

Refer to this document, under "Regenerating the Default Keyring":

http://www.cisco.com/en/US/docs/unified_computing/ucs/sw/cli/config/guide/2.0/b_UCSM_CLI_Configuration_Guide_2_0_chapter_0110.pdf

BR,

Glenn B

View solution in original post

10 Replies 10

Go to solution
Glenn Bergland
Level 1
Level 1

‎09-11-2012 12:28 AM

Since you haven't done anything to the cert since installation, all you need to do is regenerate the default key ring.

Refer to this document, under "Regenerating the Default Keyring":

http://www.cisco.com/en/US/docs/unified_computing/ucs/sw/cli/config/guide/2.0/b_UCSM_CLI_Configuration_Guide_2_0_chapter_0110.pdf

BR,

Glenn B

Go to solution
Sandemann
Level 1
Level 1
In response to Glenn Bergland

‎09-11-2012 12:33 AM

Thanks for quick response

So all I have to do is ?:

Step 1 UCS-A# scope security

Step 2 UCS-A /security # scope keyring default

Step 3 UCS-A /security/keyring # set regenerate yes

Step 4 UCS-A /security/keyring # commit-buffer

This will not create any issues?

Go to solution
Glenn Bergland
Level 1
Level 1
In response to Sandemann

‎09-11-2012 12:34 AM

That would be correct

Go to solution
Sandemann
Level 1
Level 1
In response to Glenn Bergland

‎09-11-2012 12:36 AM - last edited on ‎03-04-2020 04:59 PM by Cisco Employee

Then I will try it.

 

I only need to do this once? Not on both FI?

Go to solution
Glenn Bergland
Level 1
Level 1
In response to Sandemann

‎09-11-2012 12:41 AM

You only need to do this on the active FI, not both, no.

Go to solution
Sandemann
Level 1
Level 1
In response to Glenn Bergland

‎09-11-2012 12:48 AM

Thanks Glenn

It did the trick

Go to solution
JLinCostco
Level 1
Level 1
In response to Sandemann

‎03-14-2013 04:21 PM

I followed the steps. But the fault was still there. I had to acknowledge the fault to make it go away. Is there a way to verify the keyring certificate is actually good?

Go to solution
JLinCostco
Level 1
Level 1
In response to JLinCostco

‎03-14-2013 04:50 PM

To answer my own question, refer to this blog post:

http://www.vstrong.info/2012/12/05/how-to-regenerate-expired-ucs-manager-certificate/

I was able to verify the cert is valid.

Go to solution
Paul Letbetter
Level 1
Level 1
In response to Sandemann

‎08-04-2016 01:56 PM

Thanks for the quick fix!! works great

0 Helpful

Go to solution
rahulkatyal
Level 1
Level 1
In response to Glenn Bergland

‎09-27-2015 03:29 AM

Thanks Glenn. It worked..!!

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking products for a $25 gift card