Duane - I ran this through in my lab. The API call does what you want, but you missed the 'reset-sic' call first (equivalent to clicking it in SmartConsole). However, I could not get SIC to re-establish correctly on several tries with the 'norestart' option; I had to restart services before the mgmt server was able to re-establish SIC. It appears that without the services restarting, the old SIC certificate is still presented in communications, based on this error after I ran the reset-sic and set one-time-password options (these worked fine when I removed the norestart option):
mgmt_cli -r true test-sic-status name "DEMOGW7" --format json
{
"sic-message" : "SIC Status for DEMOGW7: Not Communicating. Peer SIC Certificate has been revoked. ** Try to reset SIC on the peer and re-establish the trust **",
"sic-status" : "not communicating",
"sic-name" : "CN=DEMOGW7,O=mgmt-sa1.lab.joeaudet.com.3cphmg"
}
What worked for me was this sequence:
- GW:
  - cp_conf sic init abcd1234
- MGMT:
  - mgmt_cli reset-sic name "DEMOGW7" --format json
  - mgmt_cli set simple-gateway name "DEMOGW7" one-time-password 'abcd1234' --format json
  - mgmt_cli test-sic-status name "DEMOGW7" --format json
  - mgmt_cli install-policy policy-package "Allow_All_Demo" access true targets.1 "DEMOGW7" --format json
Policy installed successfully, and able to confirm with the below command:
mgmt_cli -r true test-sic-status name "DEMOGW7" --format json
{
"sic-message" : "SIC Status for DEMOGW7: Communicating",
"sic-status" : "communicating",
"sic-name" : "CN=DEMOGW7,O=mgmt-sa1.lab.joeaudet.com.3cphmg"
}
Someone else may have some insight on if you can do it with the 'norestart' option, but it didn't work for me. Tested with R81.20 mgmt and R81.10/20 GW versions.
Thanks
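
Added example, not part of the original post: a shell gate that reads the `test-sic-status` JSON shown above and runs `install-policy` only once SIC reports "communicating", flagging the revoked-certificate state separately. The function names are hypothetical, the sample JSON is constructed from the two outputs in the post, and it assumes it runs on the management server where `mgmt_cli -r true` is available.

```shell
#!/bin/sh
# Added example (not from the post). Function names are hypothetical; the
# sample JSON is constructed from the two outputs quoted in the post.

SAMPLE_REVOKED='{
"sic-message" : "SIC Status for DEMOGW7: Not Communicating. Peer SIC Certificate has been revoked. ** Try to reset SIC on the peer and re-establish the trust **",
"sic-status" : "not communicating"
}'
SAMPLE_OK='{
"sic-message" : "SIC Status for DEMOGW7: Communicating",
"sic-status" : "communicating"
}'

# Print the value of one top-level string key from JSON read on stdin.
# Relies on the one-key-per-line layout that the outputs above use.
json_field() {
    sed -n 's/^[[:space:]]*"'"$1"'"[[:space:]]*:[[:space:]]*"\(.*\)"[[:space:]]*,\{0,1\}[[:space:]]*$/\1/p' |
        head -n 1
}

# Classify test-sic-status output read on stdin: prints ok, revoked or down.
classify_sic() {
    json=$(cat)
    status=$(printf '%s\n' "$json" | json_field sic-status)
    message=$(printf '%s\n' "$json" | json_field sic-message)
    if [ "$status" = "communicating" ]; then
        echo ok
        return 0
    fi
    case $message in
        *"has been revoked"*) echo revoked ;;  # the error quoted in the post
        *) echo down ;;
    esac
}

# Install policy only when trust is established.
# Usage: install_if_trusted GATEWAY POLICY_PACKAGE
install_if_trusted() {
    state=$(mgmt_cli -r true test-sic-status name "$1" --format json | classify_sic)
    case $state in
        ok) mgmt_cli -r true install-policy policy-package "$2" access true targets.1 "$1" --format json ;;
        revoked) echo "$1: peer SIC certificate revoked; redo SIC init on the gateway, then reset-sic and set the one-time password" >&2
                 return 1 ;;
        *) echo "$1: SIC not communicating; policy install skipped" >&2
           return 1 ;;
    esac
}
```

For the gateway and package used in the post, the call would be `install_if_trusted DEMOGW7 Allow_All_Demo`.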