UCSM 2.0(3b) - Keyring Bug

Unanswered Question
Aug 19th, 2012

I have done a few upgrades/installs of 2.0(3b) over the last 7-10 days, and each and every time the installation of this version expires the default keyring and it needs to be regenerated via the CLI.

I noticed this wasn't in the known open caveats so wanted to highlight this here.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Average Rating: 0 (0 ratings)
roberbur Tue, 08/21/2012 - 07:05

Jason,

Can you please get me the output of:

scope security

show keyring default detail

There is an open bug on that version that shows the SSL cert validity to be one month (not 7-10 days).  Once we confirm if this is the issue you're seeing I'll request you to open a TAC SR so we can attach the bug and track for you.

Thanks,

Robert

jason.benedicic Mon, 09/03/2012 - 02:54

Hi Robert,

Sorry for the delay in replying. Do you need the output from a system exhibiting the issue or can it be from one that has had the keyring regenerated?

I've fixed most of the installations/upgrades I've done as I don't like to leave with any errors showing. If it needs to be exhibiting the error I can recreate this in our lab tomorrow.

Many thanks,

JB.

roberbur Mon, 09/03/2012 - 08:00

I'd need the output from a "problem system" to identify the bug.  You're applying the correct work around it sounds like so unless its a task to get the output you can just fix it. 

The issue has to do with the default expiration date on the system cert.  Regenerating is is the correct fix.  This will be permanently fixed in future releases also.

Regards,

Robert

padramas Thu, 09/06/2012 - 07:03

Hello Jason,

To add further, you want to check the validity of the certificate before starting the upgrade.

In earlier releases, system does not raise an alert when the certificate has expired.

http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCtr50990

It is fixed in 2.0.3a and above. So it might look like upgrade is generating an alert but really the fixed code is generating alert for an expired certificate that existed before the upgrade.

Padma

Actions

Login or Register to take actions

This Discussion

Posted August 19, 2012 at 2:46 AM
Stats:
Replies:4 Avg. Rating:
Views:792 Votes:0
Shares:0
Tags: ucsm, -, bug, keyring
+
Categories: General UCS Hardware
+

Related Content

Discussions Leaderboard