Hello,
At the moment there is no firmware version which renews this certificates and no new certificates are available for download. The question was brought to the attention of the lab and the support is also waiting for information if this certificates will be renewed until the 16 of May.
According to the documentation this certificates are used when the management tool communicates with the HP PCM/PMM (ProCurve Mobility Manager) software.
PCM/PMM are end of support since December 2015 so there shouldnt be many customers using this tools nowadays. For this reason it is possible that there is no renew.
Going to Controller -->Management ->Management Console will let you see if you are using the certificates. If you don't have an IP address of a Mobility Manager then the controller is not managed by a mobility manager and the expiring certificates are not needed.
We are currently checking if this certificates may be necessary for other types of management platforms like iMC or AirWave.
@Ivan_B This is the not the same certificate, you are referring to.
I will update the post once I have more information.
Thanks for the prompt reply. I'm running IMC and the MSM does indeed talk to IMC through that interface. When enabled it shows the service running. There are a number of items that interface through this, one example down further
unchecked no data or host name
Hi @NeilR! the "HPE MSM Controller Series - Certificates for the тАШHP Management consoleтАЩ are Expiring in May 2020" Support a00099698en_us HPE Communication - Customer Advisory (published today 13-05-2020) should be related to (and provide a fix for) your issue.
I'm not an HPE Employee
Thanks Parnassus, however....
New certs installed as per instructions DO NOT WORK with imc.
I tested on a spare controller and would not connect. to IMC (unfortunately deleted the certs as per instructions - DOH! - you can leave them installed until everything looks good. Also a password protected configuration backup will inlcude the certs so you can recover)
I tested again on primary controller (w/o deleting) and switching between certs old vs new has same result. for new
New certs - stuck connecting - see below
Old Certs - connect right away on port 7668
New cert in MSM - stuck like this?
View In IMC
Hello,
Sorry for the delayed answers, I am currenlty OOO.
The first thing I can think of is - maybe iMC doesnt trust the new CA root certificate and thats why an error is displayed. The advisory provides 2 certificates - new_mgmt_console_ca.crt which is the CA root certificate and new_mgmt_console_client.pfx which is the client certificate for the MSM controller. Maybe it is necessary to install the CA certificate on iMC as trusted CA. Because they are not signed by any public CA and wont be trusted by default.
It would be good to see what exactly report iMC and MSM in the logs. A wired trace can also be helpful in identifying where the communication is breaking.
This is just a guess. I am not iMC specialist. Maybe it is better to open a separate question in the iMC section and even much better open a support case if you are entitled to support.
