Cisco UCS Manager – Expired Keyring Certificate

If you have managed a UCS environment in the past, I am sure you have ran into this warning before. Certificates provide an extra layer of security and encryption, and you definitely do not want your infrastructure compromised because of it.

How do you fix it? Simple. Regenerate a new certificate for it. No downtime or outage required, just a quick UCS manager blip for the web interface.

Steps required to regenerate the certificate and remove the warning:

  • Login to the primary Fiber Interconnect with an account that has admin privileges
  • Execute the 4 lines of commands below
  • UCS-FI-A# scope security
  • UCS-FI-A /security # scope keyring default
  • UCS-FI-A /security/keyring # set regenerate yes
  • UCS-FI-A /security/keyring # commit-buffer
  • Log back into the UCS manager web UI (if you were already logged in, you were probably kicked out)
  • Validate that the warning has been resolved and it is no longer there
  • Continue to use your warning-free and secure UCS infrastructure environment again

Leave a Reply