Contents
1 Alarm Description
The alarm is raised when a certificate renewal is needed to prevent a secure service failure. The alarm is raised only if the node credential can cause interruption to the secure service.
|
Alarm Cause |
Description |
Fault Reason |
Fault Location |
Impact |
|---|---|---|---|---|
|
The certificate is about to expire and is to be renewed |
The number of days until the certificate expires is equal to or less than defined by the attribute expiryAlarmThreshold |
The threshold for certificate expiration time has been crossed |
Node credential |
Secured service can fail, for example, Internet Protocol Security connection authenticated by expired certificate can fail |
2 Procedure
2.1 Handle Alarm Certificate Management, the Certificate is to Expire
Prerequisites
- This instruction references the following documents:
- No tools are required.
- The following conditions must apply:
- The alarm is raised.
- The user has the System Security Administrator role.
- The user is familiar with the security policy and environment of the organization. The user knows what mechanism is appropriate to use to install and renew node credentials (online, PKCS#12, or CSR).
- If online renewal of node credentials is used, the correct configuration information for enrollment server groups and enrollment authorities is obtained from the IT or security administrator.
- No ongoing maintenance activities are affecting the network or network elements.
- An Ericsson Command-Line Interface (ECLI) session in Exec mode is in progress.
Steps
- Navigate to the NodeCredential managed
object given in the alarm, for example:
>ManagedElement=NODE06ST,SystemFunctions=1,SecM=1,CertM=1,NodeCredential=1
- Check attribute renewalMode.
(NodeCredential=1)>show renewalMode
The following is an example output:
renewalMode=MANUAL
- Select the appropriate action based on the result:
- MANUAL – The alarm can be cleared by performing certificate renewal for the enrolled NodeCredential MO.
- AUTOMATIC – Continue according to the instruction Certificate Management, Automatic Enrollment Failed instead. Further actions are outside the scope of this instruction.
- Based on the security policy, use the appropriate operation
among the following to renew the node credential:
- Renew Node Credential Online
- Install or Renew Node Credential by PKCS 12 (follow the instructions for renewal)
- Install or Renew Node Credential by CSR (follow the instructions for renewal)
- Is the alarm cleared?
Yes: Proceed with Step 8.
No: Continue with the next step.
- Perform data collection, refer to Data Collection Guideline.
- Consult the next level of maintenance support. Further actions are outside the scope of this instruction.
- Job is completed.