Re-establishing SIC Trust with Virtual Devices

In the event you encounter connectivity problems due to the loss of SIC Trust for a specific Virtual Device (Virtual System or Virtual Router), you can use the procedure below to manually re-establish the SIC trust.

To manually re-establish SIC Trust with a Virtual Device:

Follow the instructions in the sk34098.

1. On the VSX Gateway or each VSX Cluster Member:
   1. Connect to the command line the VSX Gateway or each VSX Cluster Member.
   2. Log in to the Expert mode.
   3. Examine the VSX configuration to determine the ID of the Virtual Device:

      vsx stat -v

   4. Reset the SIC with the specified Virtual Device:

      vsx sic reset <ID>

2. On the Management Server:
   1. Connect to the command line the Management Server.
   2. Log in to the Expert mode.
   3. On the Multi-Domain Server, change the context to the applicable Target Domain Management Server used to manage the Virtual Device:

      # mdsenv <IP Address or Name of Domain Management Server>

   4. Determine the SIC name of the Virtual Device:

      # cpca_client lscert -stat valid -kind SIC | grep -i -A 2 <Name of Virtual Device Object>

   5. Revoke the SIC certificate of the Virtual Device:

      # cpca_client revoke_cert -n <CN=...,O=...,>

3. Connect with SmartConsole to the Security Management Server or Main Domain Management Server used to manage the VSX Cluster.
4. From the Gateways & Servers view or Object Explorer, double-click the Virtual Device object.
5. Click OK.

   This action creates a new SIC certificate for the Virtual Device and saves it on the VSX Gateway or each VSX Cluster Member.