Symptom
FXOS faults F0853 and F0855 are raised, and the alarms are transmitted to FMC.
# show fault
Severity Code Last Transition Time ID Description
--------- -------- ------------------------ -------- -----------
Major F0855 2023-01-05T22:24:50.301 7154000 FDM Trustpoint's cert-chain is invalid, reason: expired.
Major F0853 2023-01-05T22:24:50.300 7153999 FDM Keyring's certificate is invalid, reason: expired.
Conditions
FTD 2100
version 7.1.0.1
Workaround
1. Renew the default keyring, if it is expired, by using the CLISH CLI:
system support regenerate-security-keyring
2. Set the HTTP server keyring to default
- No FTD CLI is available for this; use sysopt to enable the FXOS CLI
connect fxos
sysopt sam 1001 on
scope system;
scope service
set Https keyring default
commit-buffer
3. Delete the FDM keyring
scope security
delete trustpoint FDM
delete keyring FDM
commit
sysopt sam 1001 off
4. Run "show fault" to validate that the workaround completed. If the issue has not cleared, contact TAC.
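A check for step 4, as an added example that is not part of the original bug report or of Cisco's tooling: it parses captured "show fault" output and reports whether F0853 or F0855 is still raised. The cleared-table sample (AFTER) is constructed and assumed, and the function names are this example's own.

```python
import re
from datetime import datetime

# Fault codes this bug reports for the FDM keyring and trustpoint.
CERT_FAULTS = {"F0853", "F0855"}

# One row of "show fault": severity, code, last transition time, ID, description.
ROW = re.compile(
    r"^(?P<severity>\w+)\s+(?P<code>F\d{4})\s+"
    r"(?P<time>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}\.\d{3})\s+"
    r"(?P<id>\d+)\s+(?P<desc>.+)$"
)

def parse_faults(text):
    """Return one dict per fault row; prompts, headers and rulers are skipped."""
    faults = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            row = m.groupdict()
            row["time"] = datetime.strptime(row["time"], "%Y-%m-%dT%H:%M:%S.%f")
            faults.append(row)
    return faults

def remaining_cert_faults(text):
    """Faults from this bug that are still raised (empty list means cleared)."""
    return [f for f in parse_faults(text)
            if f["code"] in CERT_FAULTS and "expired" in f["desc"].lower()]

# Output copied from this page (before the workaround).
BEFORE = """\
# show fault
Severity Code Last Transition Time ID Description
--------- -------- ------------------------ -------- -----------
Major F0855 2023-01-05T22:24:50.301 7154000 FDM Trustpoint's cert-chain is invalid, reason: expired.
Major F0853 2023-01-05T22:24:50.300 7153999 FDM Keyring's certificate is invalid, reason: expired.
"""

# Constructed sample: what a cleared table could look like (assumed, not from the page).
AFTER = """\
# show fault
Severity Code Last Transition Time ID Description
--------- -------- ------------------------ -------- -----------
"""

if __name__ == "__main__":
    for label, out in (("before", BEFORE), ("after", AFTER)):
        left = remaining_cert_faults(out)
        print(label, "->", [f"{f['code']} ({f['desc']})" for f in left] or "cleared")
```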
Further Problem Description
vdfp02# show fault
Severity Code Last Transition Time ID Description
--------- -------- ------------------------ -------- -----------
Major F0855 2023-01-05T22:24:50.301 7154000 FDM Trustpoint's cert-chain is invalid, reason: expired.
Major F0853 2023-01-05T22:24:50.300 7153999 FDM Keyring's certificate is invalid, reason: expired.
Similar to CSCvk26612, despite being on a fixed release and both workarounds being applied.