Contents

1   Introduction

This document describes how to renew a node credential online.

An online renewal of a node credential can only be performed once the node credential has been installed online, refer to Install Node Credential Online.

Only valid certificates can be renewed with online enrollment. An expired or revoked certificate requires a new installation, refer to Install Node Credential Online.

As shown in Figure 1, renewal of a node credential with online enrollment consists of one main step:

1. The online enrollment starts with a Managed Object (MO) action from the Managed Element (ME). The ME communicates with the enrollment server at the Certification Authority (CA)/Registration Authority (RA), and renews the node credential.

1.1   Prerequisites

This section describes the prerequisites, which must be fulfilled before using the procedure.

1.1.1   Conditions

The following conditions must apply:

• The user has the System Security Administrator role.
• The NodeCredential MO exists and its attributes keyInfo, enrollmentServerGroup, enrollmentAuthority, and enrollmentTimer have been checked.
• The certificate exists and is valid.
• An Ericsson Command-Line Interface (ECLI) session in Exec mode is in progress.

2   Procedure

To renew a node credential online:

1. Navigate to the NodeCredential MO that is to be renewed, for example:

   >dn ManagedElement=NODE06ST,SystemFunctions=1,SecM=1,CertM=1,NodeCredential=1

2. Start the online enrollment:

   (NodeCredential=1)>startOnlineEnrollment --challengePassword NULL

3. Check the result information of the nodeCredentialId enrollment:

   (config-NodeCredential=1)>show enrollmentProgress

   For a successful online start, the system returns the following:

   result=SUCCESS resultInfo="installed from the online service"

If an error occurs during the execution of the action, attribute enrollmentProgress shows result=FAILURE and resultInfo shows the cause of the failure. Repair the failure and restart the enrollment if needed.