Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


Installation Instructions for the Keystone Certificate Patch


The keystone certificate for on-premises deployments expires on April 24, 2022. After the certificate expires, SSO and other CSO functionality might be impacted. You must install the patch to renew the keystone certificate. You can install the patch either before or after the certificate expiry date. CSO functions normally after the certificate is renewed.

To install the patch:

  1. Download the General_OnPrem_CSO_Cert_6.1_Patch_2022.tgz patch installer package from the CSO Downloads page to the startupserver1 VM:
  2. Log in to the startupserver1 VM as root.
  3. On the startupserver1 VM, create the folder 6.1_cert_patch and extract the installer package.
    root@host:~/# mkdir 6.1_cert_patch
    root@host:~/# cd 6.1_cert_patch
    root@host:~/6.1_cert_patch# tar –xvzf General_OnPrem_CSO_Cert_6.1_Patch_2022.tgz

    The contents of the installer package are extracted in a directory with the same name as the installer package.

  4. Install the certificate patch:
    • Navigate to the General_OnPrem_CSO_Cert_6.1_Patch_2022 directory.

      root@host:~/6.1_cert_patch# cd General_OnPrem_CSO_Cert_6.1_Patch_2022.tgz
    • Run the ./ script.

      root@host:~/6.1_cert_patch/General_OnPrem_CSO_Cert_6.1_Patch_2022.tgz# ./
  5. Navigate to the CSO directory and run the script to check the status of infrastructure components:
    root@host:~/Contrail_Service_Orchestration_6.1.0# ./