Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

UCSM 2.0(3b) - Keyring Bug

I have done a few upgrades/installs of 2.0(3b) over the last 7-10 days, and each and every time the installation of this version expires the default keyring and it needs to be regenerated via the CLI.

I noticed this wasn't in the known open caveats so wanted to highlight this here.

Everyone's tags (4)
4 REPLIES
Cisco Employee

UCSM 2.0(3b) - Keyring Bug

Jason,

Can you please get me the output of:

scope security

show keyring default detail

There is an open bug on that version that shows the SSL cert validity to be one month (not 7-10 days).  Once we confirm if this is the issue you're seeing I'll request you to open a TAC SR so we can attach the bug and track for you.

Thanks,

Robert

New Member

UCSM 2.0(3b) - Keyring Bug

Hi Robert,

Sorry for the delay in replying. Do you need the output from a system exhibiting the issue or can it be from one that has had the keyring regenerated?

I've fixed most of the installations/upgrades I've done as I don't like to leave with any errors showing. If it needs to be exhibiting the error I can recreate this in our lab tomorrow.

Many thanks,

JB.

Cisco Employee

UCSM 2.0(3b) - Keyring Bug

I'd need the output from a "problem system" to identify the bug.  You're applying the correct work around it sounds like so unless its a task to get the output you can just fix it. 

The issue has to do with the default expiration date on the system cert.  Regenerating is is the correct fix.  This will be permanently fixed in future releases also.

Regards,

Robert

Cisco Employee

UCSM 2.0(3b) - Keyring Bug

Hello Jason,

To add further, you want to check the validity of the certificate before starting the upgrade.

In earlier releases, system does not raise an alert when the certificate has expired.

http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCtr50990

It is fixed in 2.0.3a and above. So it might look like upgrade is generating an alert but really the fixed code is generating alert for an expired certificate that existed before the upgrade.

Padma

821
Views
0
Helpful
4
Replies