NAC Alarm if RADIUS certificate is about to expire
12-10-2013 08:14 AM
Hi,
I just had a major issue because the RADIUS certificate of the NAC/IAM appliance expired. This caused a big problem because IEEE 802.1X authentication was used. The problem was quickly resolved, but it could have been avoided if an alarm had been present.
Best scenario for future releases: If the RADIUS (or any NAC certificate) is about to expire (e.g. in 1 or 2 months) a warning is presented. And in the last days an alarm is caused.
I hope this idea will be realized to avoid major .1X problems 🙂
Best Regards
Michael
18 REPLIES
11-07-2017 07:31 AM
Wants to use certificate Expiring Notice.
But it is currently unknown how many days before the notice will be triggered and how to adjust this value to the customer's demand.
GTAC Case running ...
11-07-2017 07:31 AM
Alarm can be configured via (hidden) appliance attributes:
CERT_EXPIRE_WARNING_DAYS=number-of-days
CERT_EXPIRE_NOTICE_DAYS=number-of-days
11-07-2017 07:31 AM
There are fixed dates which can (currently) not be adjusted:
The first warning is logged as a “minor” alarm 30 days from expiration.
The second warning is logged as a “major” alarm at 7 days from expiration.
It also logs “critical” alarms in these two cases: “Invalid not before” and “Invalid not after” (the dates in the cert are what is being referenced by “after” and “before”).
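Added example, not part of the thread and not the appliance's own logic: an out-of-band check that applies the alarm levels described in the post above to the output of `openssl x509 -noout -dates`. The sample dates, the function names and the reading of “Invalid not before/after” as "current time outside the validity window" are assumptions.

```python
import ssl
from datetime import datetime, timezone

# Thresholds quoted in the thread: "minor" at 30 days, "major" at 7 days.
MINOR_DAYS = 30
MAJOR_DAYS = 7

# Constructed sample: `openssl x509 -noout -dates` output for a
# hypothetical RADIUS server certificate.
SAMPLE_DATES = """notBefore=Dec 10 08:14:00 2012 GMT
notAfter=Dec 10 08:14:00 2013 GMT
"""


def parse_openssl_dates(text):
    """Return (not_before, not_after) as timezone-aware UTC datetimes."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip() in ("notBefore", "notAfter"):
            # The stdlib helper parses OpenSSL's "Mon DD HH:MM:SS YYYY GMT".
            secs = ssl.cert_time_to_seconds(value.strip())
            fields[key.strip()] = datetime.fromtimestamp(secs, tz=timezone.utc)
    if len(fields) != 2:
        raise ValueError("expected both notBefore and notAfter lines")
    return fields["notBefore"], fields["notAfter"]


def classify(not_before, not_after, now):
    """Map a validity window to (severity, message).

    Assumption: "Invalid not before/after" means `now` is outside the window.
    """
    if now < not_before:
        return "critical", "Invalid not before"
    if now >= not_after:
        return "critical", "Invalid not after"
    days_left = (not_after - now).days
    if days_left <= MAJOR_DAYS:
        return "major", f"expires in {days_left} day(s)"
    if days_left <= MINOR_DAYS:
        return "minor", f"expires in {days_left} day(s)"
    return "ok", f"expires in {days_left} day(s)"


def check(text, now=None):
    """Parse openssl date output and classify it against `now` (UTC)."""
    return classify(*parse_openssl_dates(text), now or datetime.now(timezone.utc))
```

Run from a scheduler on a host other than the NAC appliance, this gives a second warning path if the appliance alarm is missed or not forwarded.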
08-02-2017 07:02 AM
In addition to alarming, there are also two new columns within the end-system list that might be helpful for you:
Certificate Expiration, Certificate Issuer
Kurt
