Where to confirm this issue :
Check the ucs manager alerts it shows Error code F0909 with keyring default certificate expired.
Get into the SSH session of the ucs manager using putty then run the following command to check the certificate status.
UCS-A# scope security
UCS-A /security # scope keyring detail
Certificate status : expired ( this is what output screen shows)
How to fix this issue:
On the ssh session of the ucs manager run the following command to regenerate the default certificate
UCS-A# scope security
UCS-A /security # scope keyring default
UCS-A /security/keyring* # set regenerate yes
UCS-A /security/keyring* # commit-buffer
UCS-A /security/keyring #
Goback to the ucs manager GUI screen and accept the new certificate. This will close and open the ucs manager gui session again .
If third party certificate is used instead of default.Then import the certificate using command
UCS-A# scope security
UCS-A /security # scope keyring XXXXX ( XXXXX keyring name for ke20)
UCS-A /security/keyring # set trustpoint yyyyy ( yyyyy is the trustpoint name created during the certificate request)
UCS-A /security/keyring* # set cert
Enter lines one at a time. Enter ENDOFBUF to finish. Press ^C to abort.
Keyring certificate:
> -----BEGIN CERTIFICATE-----
XXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXX
> -----END CERTIFICATE-----
> ENDOFBUF
Commit-buffer
Go back and accept the new certificate and the GUI session will close and reopen again.
Check the ucs manager alerts it shows Error code F0909 with keyring default certificate expired.
Get into the SSH session of the ucs manager using putty then run the following command to check the certificate status.
UCS-A# scope security
UCS-A /security # scope keyring detail
Certificate status : expired ( this is what output screen shows)
How to fix this issue:
On the ssh session of the ucs manager run the following command to regenerate the default certificate
UCS-A# scope security
UCS-A /security # scope keyring default
UCS-A /security/keyring* # set regenerate yes
UCS-A /security/keyring* # commit-buffer
UCS-A /security/keyring #
Goback to the ucs manager GUI screen and accept the new certificate. This will close and open the ucs manager gui session again .
If third party certificate is used instead of default.Then import the certificate using command
UCS-A# scope security
UCS-A /security # scope keyring XXXXX ( XXXXX keyring name for ke20)
UCS-A /security/keyring # set trustpoint yyyyy ( yyyyy is the trustpoint name created during the certificate request)
UCS-A /security/keyring* # set cert
Enter lines one at a time. Enter ENDOFBUF to finish. Press ^C to abort.
Keyring certificate:
> -----BEGIN CERTIFICATE-----
XXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXX
> -----END CERTIFICATE-----
> ENDOFBUF
Commit-buffer
Go back and accept the new certificate and the GUI session will close and reopen again.
No comments:
Post a Comment