HPE Community
M and MSM Series
1822219 Members
3763 Online
109642 Solutions
New Discussion

MSM 760 RADIUS Certificate Expiry

 
Thanseer
New Member

‎03-13-2017 12:19 AM

‎03-13-2017 12:19 AM

MSM 760 RADIUS Certificate Expiry

HI

 

I am using HP MSM 760 Controller Its showing a message that "RADIUS-EAP Client Certificate is going to get Expired

Can some one guide me How to renew this certificate

Thanking yOu in Advince

Thanks & Regards

Thanseer M.M

 

2 people had this problem.
0 Kudos
4 REPLIES 4
KSHKND
Advisor

‎03-14-2017 01:30 PM

‎03-14-2017 01:30 PM

Re: MSM 760 RADIUS Certificate Expiry

The reason you see the dummy cert expiring is because it’s a carry-over from an older software during upgrade to 6.6.4.0.
(these old certs are not part of the newer 6.6.4.0 image content)

My recommendation is to;

1. Back-up the MSM configuration to somewhere safe.

2. Factory-Reset the MSM controller. (This will import the newer 6.6.4.0 certs from image file)

3. Restore saved configuration file.

You will note that the certs now have extended expiration dates, and won’t expire any time soon.

0 Kudos
JDNZ
Visitor

‎03-14-2017 01:48 PM

‎03-14-2017 01:48 PM

Re: MSM 760 RADIUS Certificate Expiry

I have a deployment in the same situation.

We are running two MSM760 units in a team with software 5.7.3.0 sr1

Is updating the software the only option? 

I can see we can add another certificate to the store, but I cannot see where to bind that certificate to the Radius service. Are you able to offer any insight?

0 Kudos
Arimo
Respected Contributor

‎03-17-2017 04:04 AM

‎03-17-2017 04:04 AM

Re: MSM 760 RADIUS Certificate Expiry

MSM FW versions 6.6.4 and older contain Dummy certificates that expire April 12 2017.

These certificates are by default associated with the internal RADIUS server. They are not intended to be used in production environment, they are there more to allow users to evaluate whether internal RADIUS would serve their purposes. In production environments they should for security reasons be replaced with either certificates purchased from an official Certificate Authority, or self-signed certificates. We do not recommend a specific CA, anything goes. Instructions on creating self-signed certificates depend on the OS, so please refer to the OS documentation. Instructions for certificate management including adding / removing them, proper format etc. are in the config guide, chapter "Security", section "Certificate management".

If the internal RADIUS isn't used and no other functionality is manually associated with these Dummy certs, the warnings can be safely ignored. However they are an unnecessary log filler and annoyance, so I'd recommend replacing them and associating the internal RADIUS with a new certs anyway. The expired ones can then be deleted.

Another option is to upgrade to 6.6.5. This contains new Dummy certificates which will expire 2016. The internal RADIUS can be configured to use those, and old certs again deleted.

Note that a FW upgrade in most cases requires a SW support contract - in case of a system running 5.7.3 certainly just due to the age of the implementation. If a contract isn't available, the only way is to either replace the certs or ignore the message.


HTH,

Arimo
HPE Networking Engineer
0 Kudos
Arimo
Respected Contributor

‎03-17-2017 04:06 AM

‎03-17-2017 04:06 AM

Re: MSM 760 RADIUS Certificate Expiry

"where to bind that certificate to the Radius service"

GUI -> Security -> Certificate usage


HTH,

Arimo
HPE Networking Engineer
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.