1. You will sometimes have a certificate expire on your UCSM. This will show up as a “Major” error in your UCSM errors/logs. This can be cleared by re-issuing a new certificate within the fabric interconnects.
2. First, log into the fabric interconnects through SSH.
3. Once you have logged into the FI, use the following commands to re-issue new certificate:
a. #scope security
b. #scope keyring default
c. #set regenerate yes
d. #commit-buffer
i. WARNING!: This WILL disconnect your web sessions. Be wary if you have others currently working in the UCSM, for it will disconnect them all.
4. It can take up to 3-5 minutes to re-generate a new certificate for the UCSM. Give it a few minutes then use the following commands to verify the new key has been created:
a. #scope security
b. #show keyring detail
c. The following should be showing:
i. RSA key modules: ModXXXX
ii. Trustpoint: XXX
iii. Cert Status: Valid (here it should show valid or self-signed, not expired)
5. You should now be able to log back into your UCSM and see the error cleared.
2. First, log into the fabric interconnects through SSH.
3. Once you have logged into the FI, use the following commands to re-issue new certificate:
a. #scope security
b. #scope keyring default
c. #set regenerate yes
d. #commit-buffer
i. WARNING!: This WILL disconnect your web sessions. Be wary if you have others currently working in the UCSM, for it will disconnect them all.
4. It can take up to 3-5 minutes to re-generate a new certificate for the UCSM. Give it a few minutes then use the following commands to verify the new key has been created:
a. #scope security
b. #show keyring detail
c. The following should be showing:
i. RSA key modules: ModXXXX
ii. Trustpoint: XXX
iii. Cert Status: Valid (here it should show valid or self-signed, not expired)
5. You should now be able to log back into your UCSM and see the error cleared.
No comments:
Post a Comment