UCSM 2.0(3b) - Keyring Bug

Unanswered Question
Aug 19th, 2012
User Badges:

I have done a few upgrades/installs of 2.0(3b) over the last 7-10 days, and each and every time the installation of this version expires the default keyring and it needs to be regenerated via the CLI.

I noticed this wasn't in the known open caveats so wanted to highlight this here.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Robert Burns Tue, 08/21/2012 - 07:05
User Badges:
  • Cisco Employee,


Can you please get me the output of:

scope security

show keyring default detail

There is an open bug on that version that shows the SSL cert validity to be one month (not 7-10 days).  Once we confirm if this is the issue you're seeing I'll request you to open a TAC SR so we can attach the bug and track for you.



Jason Benedicic Mon, 09/03/2012 - 02:54
User Badges:

Hi Robert,

Sorry for the delay in replying. Do you need the output from a system exhibiting the issue or can it be from one that has had the keyring regenerated?

I've fixed most of the installations/upgrades I've done as I don't like to leave with any errors showing. If it needs to be exhibiting the error I can recreate this in our lab tomorrow.

Many thanks,


Robert Burns Mon, 09/03/2012 - 08:00
User Badges:
  • Cisco Employee,

I'd need the output from a "problem system" to identify the bug.  You're applying the correct work around it sounds like so unless its a task to get the output you can just fix it. 

The issue has to do with the default expiration date on the system cert.  Regenerating is is the correct fix.  This will be permanently fixed in future releases also.



padramas Thu, 09/06/2012 - 07:03
User Badges:
  • Cisco Employee,

Hello Jason,

To add further, you want to check the validity of the certificate before starting the upgrade.

In earlier releases, system does not raise an alert when the certificate has expired.


It is fixed in 2.0.3a and above. So it might look like upgrade is generating an alert but really the fixed code is generating alert for an expired certificate that existed before the upgrade.



This Discussion

Related Content