M and MSM Series
cancel
Showing results for 
Search instead for 
Did you mean: 

MSM 760 RADIUS Certificate Expiry

 
Highlighted
Thanseer
Occasional Visitor

MSM 760 RADIUS Certificate Expiry

HI

 

I am using HP MSM 760 Controller Its showing a message that "RADIUS-EAP Client Certificate is going to get Expired

Can some one guide me How to renew this certificate

Thanking yOu in Advince

Thanks & Regards

Thanseer M.M

 

4 REPLIES 4
Highlighted
KSHKND
Advisor

Re: MSM 760 RADIUS Certificate Expiry

The reason you see the dummy cert expiring is because it’s a carry-over from an older software during upgrade to 6.6.4.0.
(these old certs are not part of the newer 6.6.4.0 image content)

My recommendation is to;

1. Back-up the MSM configuration to somewhere safe.

2. Factory-Reset the MSM controller. (This will import the newer 6.6.4.0 certs from image file)

3. Restore saved configuration file.

You will note that the certs now have extended expiration dates, and won’t expire any time soon.

Highlighted
JDNZ
Occasional Visitor

Re: MSM 760 RADIUS Certificate Expiry

I have a deployment in the same situation.

We are running two MSM760 units in a team with software 5.7.3.0 sr1

Is updating the software the only option? 

I can see we can add another certificate to the store, but I cannot see where to bind that certificate to the Radius service. Are you able to offer any insight?

Highlighted
Arimo
Respected Contributor

Re: MSM 760 RADIUS Certificate Expiry

MSM FW versions 6.6.4 and older contain Dummy certificates that expire April 12 2017.

These certificates are by default associated with the internal RADIUS server. They are not intended to be used in production environment, they are there more to allow users to evaluate whether internal RADIUS would serve their purposes. In production environments they should for security reasons be replaced with either certificates purchased from an official Certificate Authority, or self-signed certificates. We do not recommend a specific CA, anything goes. Instructions on creating self-signed certificates depend on the OS, so please refer to the OS documentation. Instructions for certificate management including adding / removing them, proper format etc. are in the config guide, chapter "Security", section "Certificate management".

If the internal RADIUS isn't used and no other functionality is manually associated with these Dummy certs, the warnings can be safely ignored. However they are an unnecessary log filler and annoyance, so I'd recommend replacing them and associating the internal RADIUS with a new certs anyway. The expired ones can then be deleted.

Another option is to upgrade to 6.6.5. This contains new Dummy certificates which will expire 2016. The internal RADIUS can be configured to use those, and old certs again deleted.

Note that a FW upgrade in most cases requires a SW support contract - in case of a system running 5.7.3 certainly just due to the age of the implementation. If a contract isn't available, the only way is to either replace the certs or ignore the message.


HTH,

Arimo
HPE Networking Engineer
Highlighted
Arimo
Respected Contributor

Re: MSM 760 RADIUS Certificate Expiry

"where to bind that certificate to the Radius service"

GUI -> Security -> Certificate usage


HTH,

Arimo
HPE Networking Engineer