Contents

1   Description

This instruction describes how to renew a node credential online.

An online renewal of a node credential can only be performed once the node credential has been installed online, refer to Install Node Credential Online.

Only valid certificates can be renewed with online enrollment. An expired or revoked certificate requires a new installation, refer to Install Node Credential Online.

As shown in Figure 1, renewal of a node credential with online enrollment consists of one main step:

• The online enrollment starts with a Managed Object (MO) action from the Managed Element (ME). The ME communicates with the enrollment server at the Certification Authority (CA)/Registration Authority (RA), and renews the node credential.

2   Procedure

2.1   Renew Node Credential Online

• This instruction references the following documents:
  • Install Node Credential Online
  • Install Node Credential Online
• No tools are required.
• The following conditions must apply:
  • The user has the System Security Administrator role.
  • The NodeCredential Managed Object (MO) exists and its attributes keyInfo, enrollmentServerGroup, enrollmentAuthority, and enrollmentTimer have been checked.
  • The certificate exists and is valid.
  • An Ericsson Command-Line Interface (ECLI) session in Exec mode is in progress.

Steps

1. Navigate to the NodeCredential MO that is to be renewed, for example:

   >dn ManagedElement=NODE06ST,SystemFunctions=1,SecM=1,CertM=1,NodeCredential=1

2. Start the online enrollment:

   (NodeCredential=1)>startOnlineEnrollment --challengePassword NULL

3. Check the result information of the nodeCredentialId enrollment:

   (config-NodeCredential=1)>show enrollmentProgress

   After a successful online start, the system returns the following:

   result=SUCCESS resultInfo="installed from the online service"

   If an error occurs during the execution of the action, attribute enrollmentProgress shows result=FAILURE and resultInfo shows the cause of the failure. Repair the failure and restart the enrollment if needed.

   Note:  

   If the attribute subjectAltName of the NodeCredential MO is not received in the subject alternative names of the enrolled certificate, the enrollment fails.