NAC Alarm if RADIUS certificate is about to expire

Michael_Kirchne
Contributor
Hi,

I just had a major issue because the RADIUS certificate of the NAC/IAM appliance expired. This caused a big problem because IEEE 802.1X authentication was used. The problem was quickly resolved, but it could have been avoided if an alarm had been present.

Best scenario for future releases: If the RADIUS (or any NAC certificate) is about to expire (e.g. in 1 or 2 months) a warning is presented. And in the last days an alarm is caused.

I hope this idea will be realized to avoid major .1X problems 🙂

Best Regards
Michael
18 REPLIES

M_Nees
Contributor III
Wants to use certificate Expiring Notice.

But it is currently unknown how many days before expiration the notice will be triggered and how to adjust this value to the customer's demand.

GTAC Case running ...

M_Nees
Contributor III
Alarm can be configured via (hidden) appliance attributes:
CERT_EXPIRE_WARNING_DAYS=number-of-days
CERT_EXPIRE_NOTICE_DAYS=number-of-days

M_Nees
Contributor III
There are fixed dates which can (currently) not be adjusted:

The first warning is logged as a “minor” alarm 30 days from expiration.
The second warning is logged as a “major” alarm at 7 days from expiration.
It also logs “critical” alarms in these two cases: “Invalid not before” and “Invalid not after” (the dates in the cert are what is being referenced by after and before).

Kurt_Semba
Extreme Employee
In addition to alarming, there are also two new columns within the end-system list that might be helpful for you:
Certificate Expiration, Certificate Issuer
Kurt
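
Added example, not part of the thread and not vendor code: an independent expiry check that applies the alarm tiers quoted in the replies above (minor at 30 days, major at 7 days, critical for "Invalid not before" / "Invalid not after") to a list of certificate validity dates. The certificate names and dates are constructed sample data; the date strings use the format printed by `openssl x509 -noout -dates`.

```python
import ssl
from datetime import datetime, timezone

MINOR_DAYS = 30  # thread: "minor" alarm 30 days from expiration
MAJOR_DAYS = 7   # thread: "major" alarm 7 days from expiration
RANK = {"critical": 0, "major": 1, "minor": 2, "ok": 3}

def _parse(cert_time):
    # OpenSSL text form, e.g. "Jun 21 00:00:00 2025 GMT"
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(cert_time), timezone.utc)

def classify(not_before, not_after, now):
    """Return (severity, detail) for one certificate validity window."""
    start, end = _parse(not_before), _parse(not_after)
    if now < start:
        return "critical", "Invalid not before"
    if now >= end:
        return "critical", "Invalid not after"
    days_left = (end - now).days
    if days_left <= MAJOR_DAYS:
        return "major", f"expires in {days_left} days"
    if days_left <= MINOR_DAYS:
        return "minor", f"expires in {days_left} days"
    return "ok", f"expires in {days_left} days"

def scan(inventory, now):
    """Classify every certificate; return the non-ok findings, worst first."""
    findings = [(name, *classify(nb, na, now)) for name, nb, na in inventory]
    return sorted((f for f in findings if f[1] != "ok"), key=lambda f: RANK[f[1]])

# Constructed sample inventory (hypothetical names and dates, not from the thread)
SAMPLE = [
    ("radius-server", "Jan 01 00:00:00 2025 GMT", "Jun 21 00:00:00 2025 GMT"),
    ("captive-portal", "Jan 01 00:00:00 2025 GMT", "Jun 06 00:00:00 2025 GMT"),
    ("ldaps-client", "Jan 01 00:00:00 2025 GMT", "May 20 00:00:00 2025 GMT"),
    ("new-radius", "Jul 01 00:00:00 2025 GMT", "Jul 01 00:00:00 2027 GMT"),
    ("admin-web", "Jan 01 00:00:00 2025 GMT", "Dec 31 00:00:00 2025 GMT"),
]

if __name__ == "__main__":
    now = datetime(2025, 6, 1, tzinfo=timezone.utc)  # fixed so the run is repeatable
    for name, severity, detail in scan(SAMPLE, now):
        print(f"{severity.upper():8} {name}: {detail}")
```

Run from a scheduler with `now` set to the current UTC time, this gives a warning path that does not depend on the appliance raising the alarm itself.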
