Description:
This document describes the necessary steps if the automatic renewal of the device certificate is not working.
When using the RA-Auto-Approve function in the SCEP client, authentication at the CA is performed using an available device certificate and not a challenge password. A validation error causes the renewal of the device certificate to fail.
The SCEP client is always used in WLAN controller scenarios. The SCEP client can also be used in VPN scenarios if the LANCOM router is to obtain its certificates from a SCEP server.
This issue is fixed in the following firmware versions:
Procedure:
If possible, the firmware should be updated to one of the LCOS versions listed above. The automatic renewal of the device certificate with the function RA-Auto-Approve will then function properly again.
If the device certificate is still valid, a new certificate can be obtained using the CLI command do Setup/Certificates/SCEP-Client/Update.
The certificate stored in the device can be viewed with the CLI command show SCEP timer (in this case with a WLAN controller). The certificate is valid until March 12, 2019.
Ca/Ra upgrade timer: expires 3/9/2028 15:20:48 current-time 12/6/2018 13:07:31 update-before-3-days still 291867197 sec(3/6/2028 15:20:48) is running
Cert upgrade timer: expires 3/12/2019 15:20:58 current-time 12/6/2018 13:07:31 update-before-2-days still 8129607 sec(3/10/2019 15:20:58) is running
Cert reminder expiration's timer: remind-before-7-days still 7697607 sec(3/5/2019 15:20:58) is running
Cert inform expiration's timer: expires 3/12/2019 15:20:58 still 8302407 sec(3/12/2019 15:20:58) is running
Below is the output from a VPN router. The certificate is valid until March 05, 2019.
Ca/Ra upgrade timer: expires 3/10/2028 9:50:10 current-time 12/6/2018 14:00:49 update-before-3-days still 291930560 sec(3/7/2028 9:50:09) is running
Cert upgrade timer: expires 9/5/2019 13:12:34 current-time 12/6/2018 14:00:49 update-before-2-days still 23411504 sec(9/3/2019 13:12:33) is running
Cert reminder expiration's timer: remind-before-7-days still 22979504 sec(8/29/2019 13:12:33) is running
Cert inform expiration's timer: expires 9/5/2019 13:12:34 still 23584304 sec(9/5/2019 13:12:33) is running
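The following Python script is an added example, not LANCOM code. It parses the show SCEP timer output shown above and reports whether the device certificate is still valid, which the manual update requires. The status names, and the rule that a passed renewal point with an unchanged expiry calls for a manual update, are assumptions of this example.

```python
import re
from datetime import datetime

# Constructed sample: two timer lines copied from the WLAN controller output on this page.
SAMPLE = """\
Cert upgrade timer: expires 3/12/2019 15:20:58 current-time 12/6/2018 13:07:31 update-before-2-days still 8129607 sec(3/10/2019 15:20:58) is running
Cert reminder expiration's timer: remind-before-7-days still 7697607 sec(3/5/2019 15:20:58) is running
"""

def _stamp(group):
    return rf"(?P<{group}>\d{{1,2}}/\d{{1,2}}/\d{{4}} \d{{1,2}}:\d{{2}}:\d{{2}})"

# "expires", "current-time" and the "-before-N-days" part are optional: not every timer prints them.
LINE = re.compile(
    r"(?P<name>[^:]+):"
    rf"(?: expires {_stamp('expires')})?"
    rf"(?: current-time {_stamp('now')})?"
    r"(?: \w+-before-\d+-days)?"
    rf" still (?P<left>\d+) sec\({_stamp('fires')}\) is (?P<state>\w+)")

def _dt(text):
    # Month/day/year order: the page reads "3/12/2019" as March 12, 2019.
    return datetime.strptime(text, "%m/%d/%Y %H:%M:%S") if text else None

def parse_timers(output):
    """Return {timer name: fields} for every timer line found in the CLI output."""
    timers = {}
    for raw in output.splitlines():
        m = LINE.match(raw.strip())
        if m:
            timers[m["name"]] = {
                "expires": _dt(m["expires"]), "device_time": _dt(m["now"]),
                "fires": _dt(m["fires"]), "seconds_left": int(m["left"]),
                "running": m["state"] == "running"}
    return timers

def renewal_status(timer, now=None):
    """Classify a 'Cert upgrade timer' entry; the thresholds are this example's assumption."""
    now = now or timer["device_time"]
    if now >= timer["expires"]:
        return "expired"          # no valid device certificate left to renew with
    if now >= timer["fires"]:
        return "renew-manually"   # scheduled renewal point passed, certificate still valid
    return "ok"

if __name__ == "__main__":
    for name, t in parse_timers(SAMPLE).items():
        print(name, t["fires"], renewal_status(t) if t["expires"] else "-")
```

Passing the time of the check as now lets a saved output be re-evaluated later without logging in to the device again.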