Contents
1 Introduction
This document describes how to configure the renewal mode of a node credential.
Certificate Management can be used for performing automatic renewals for the NodeCredential Managed Objects (MOs).
When the automatic renewal is enabled, Certificate Management automatically renews the certificate before it expires. The timing for the automatic renewal is calculated from the attribute expiryAlarmThreshold according to the following formula:
renewal time = Certificate's expiration Time - expiryAlarmThreshold
- one week.
For more information, refer to Install Node Credential
Online.
If automatic enrollment fails, an alarm Certificate Management, Automatic Enrollment Failed is triggered.
1.1 Prerequisites
This section describes the prerequisites, which must be fulfilled before using the procedure.
1.1.1 Conditions
The following conditions must apply:
- The user has the System Security Administrator role.
- The node credential is installed.
- The new renewal mode for the node credential is known.
- An Ericsson Command-Line Interface (ECLI) session in Exec mode is in progress.
2 Procedure
To configure the renewal mode of a node credential:
- Navigate to the NodeCredential MO,
for example:
>dn ManagedElement=NODE06ST,SystemFunctions=1,SecM=1,CertM=1,NodeCredential=1
- Enter Config mode:
(NodeCredential=1)>configure
- Set attribute renewalMode by
setting it to manual or automatic as follows:
- (config-NodeCredential=1)>renewalMode=MANUAL
- (config-NodeCredential=1)>renewalMode=AUTOMATIC
- Commit the setting:
(config-NodeCredential=1)>commit
- Verify the setting:
(NodeCredential=1)>show
The following is an example output:
CertM=1 [...] renewalMode=AUTOMATIC [...]