Contents
1 Description
This instruction describes how to configure the renewal mode of a node credential.
Certificate Management can be used for performing automatic renewals for the NodeCredential Managed Objects (MOs).
When the automatic renewal is enabled, Certificate Management automatically renews the certificate before it expires. The timing for the automatic renewal is calculated from the attribute expiryAlarmThreshold according to the following formula:
renewal time = Certificate's expiration Time - expiryAlarmThreshold - one week
For more information, refer to Install Node Credential Online.
If automatic enrollment fails, a Certificate Management, Automatic Enrollment Failed alarm is triggered.
2 Procedure
2.1 Configure Renewal Mode of Node Credential
Prerequisites
- This instruction references the following document:
- No tools are required.
- The following conditions must apply:
- The user has the System Security Administrator role.
- The node credential is installed.
- The new renewal mode for the node credential is known.
- An Ericsson Command-Line Interface (ECLI) session in Exec mode is in progress.
Steps
- Navigate to the NodeCredential managed
object, for example:
>dn ManagedElement=NODE06ST,SystemFunctions=1,SecM=1,CertM=1,NodeCredential=1
- Enter Config mode:
(NodeCredential=1)>configure
- Set attribute renewalMode by
setting it to manual or automatic as follows:
- (config-NodeCredential=1)>renewalMode=MANUAL
- (config-NodeCredential=1)>renewalMode=AUTOMATIC
- Commit the setting:
(config-NodeCredential=1)>commit
- Verify the setting:
(NodeCredential=1)>show
The following is an example output:
CertM=1 [...] renewalMode=AUTOMATIC [...]