Issuing a new self-signed certificate in UCS Manager

Error shown by Cisco UCS Central when UCS Manager has an expired certificate

I was playing around with UCS Central and kept running into issues with the error “UCSM Communication Error Can not access UCSM at *.*.*.*, Click here to verify that it is online and that UCSM security certificate has been accepted”

My UCS domain was about 3 years old, so I had an expired certificate. While my registration with UCS Central worked fine, I received errors when attempting to push any policies to my UCS domain.

I checked the validity of the certificate by using the CLI and issuing the commands:

UCS-A# scope security

UCS-A /security # show keyring detail

This shows me the Cert Status: Expired as can be seen below

To renew my certificate I have entered the following commands:

UCS-A /security # scope keyring default

UCS-A /security/keyring # set regenerate yes

UCS-A /security/keyring* # commit-buffer

After a 5 minute wait, I issued the commands:

UCS-A /security/keyring # scope security

UCS-A /security # show keyring detail

And my certificate is now valid as shown:

I will now need to install my new certificate to my Windows Trusted CA. You could also purchase a certificate for each UCS domain, but in my lab environment this is not really necessary.

The certificates are valid for 1 year, so this is something worth considering in a production environment.

NOTE: I didn’t see the certificate change in IE, so I rebooted both my FIs (one at a time), but I only waited a few minutes and am pretty impatient.
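
Because the regenerated certificate lasts only a year, a scheduled expiry check catches the next lapse before UCS Central starts reporting communication errors. The script below is an added example, not part of the original post: it reads the expiry date with the standard `openssl s_client` and `openssl x509 -noout -enddate` commands and flags anything expired or inside an assumed 30-day renewal window. The domain names and dates are constructed sample data.

```python
import ssl
import subprocess
from datetime import datetime, timezone

RENEW_WINDOW_DAYS = 30  # assumed threshold, not a value from the post


def fetch_enddate(host, port=443, timeout=10):
    """Return openssl's 'notAfter=...' line for the certificate a host presents.
    Nothing is verified, so self-signed certificates can be read too."""
    handshake = subprocess.run(
        ["openssl", "s_client", "-connect", f"{host}:{port}"],
        input=b"", capture_output=True, timeout=timeout, check=False)
    enddate = subprocess.run(
        ["openssl", "x509", "-noout", "-enddate"],
        input=handshake.stdout, capture_output=True, check=True)
    return enddate.stdout.decode().strip()


def days_remaining(enddate_line, now):
    """Whole days until expiry (negative once expired) from a 'notAfter=' line."""
    not_after = enddate_line.split("=", 1)[1].strip()
    expiry = datetime.fromtimestamp(ssl.cert_time_to_seconds(not_after), timezone.utc)
    return (expiry - now).days


def status(days):
    if days < 0:
        return "EXPIRED"
    return "RENEW_SOON" if days <= RENEW_WINDOW_DAYS else "OK"


def report(enddates, now):
    """Return (name, days_remaining, status) tuples, most urgent first."""
    rows = sorted((days_remaining(line, now), name) for name, line in enddates.items())
    return [(name, days, status(days)) for days, name in rows]


# Constructed sample data: enddate lines for three hypothetical UCS domains.
SAMPLE = {
    "ucs-lab-a": "notAfter=Mar  5 12:00:00 2015 GMT",
    "ucs-lab-b": "notAfter=Jun 20 12:00:00 2018 GMT",
    "ucs-lab-c": "notAfter=May 25 12:00:00 2019 GMT",
}

if __name__ == "__main__":
    # Fixed reference time so the sample output is reproducible.
    for row in report(SAMPLE, datetime(2018, 6, 1, 12, 0, tzinfo=timezone.utc)):
        print(*row)
```

For a live check, build the dictionary from `fetch_enddate()` results for each fabric interconnect management address and pass `datetime.now(timezone.utc)` as `now`.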