cancel
Showing results for 
Search instead for 
Did you mean: 

NAC Alarm if RADIUS certificate is about to expire

NAC Alarm if RADIUS certificate is about to expire

Michael_Kirchne
Contributor
Hi,

I just had a major issue beacuse the RADIUS certificate of the NAC/IAM appliance did expire. This caused a big problem because of IEEE 802.1X Authentication was used. The problem was quickly resolved but it could have been avoided if an alarm would have been present.

Best scenario for future releases: If the RADIUS (or any NAC certificate) is about to expire (e.g. in 1 or 2 months) a warning is presented. And in the last days an alarm is caused.

I hope this idea will be realized to avoid major .1X problems 🙂

Best Regards
Michael
18 REPLIES 18

Charles_Yang
New Contributor
I mark on my outlook calendar about radius certs expiration date-- kind of old fashion but works..

Hi Charles, you are right - maintaining the certificates in an outlook calender is a valid and convenient way. And from a customer point of view acceptable for webserver certificates ect. But to clarify something. NAC is an integral part of the NetSight management solution. And with that customers expect alarms if mission critical systems are about to impact their productivity. As I said, I understand and appreciate your comment as you want to give a hint how we can make our life a bit easier with certificates. By the way - this should not bee too difficult to implement as openssl has the functionality built in (openssl x509 -in -checkend Best Regards Best Regards

Max, Thank you for the smile. and I should clarify what I was trying to convey. I know exactly how you felt and what I said I don't mean sarcastically. In my situation, not just for NAC, same certificate expiration date and its re-issuing tasks are now part of corporate life for all other system. When I said we put it in the calendar, we-- IT as a whole, we manage it as a corporate maintenance cycle, put it in production calendar and ensure it is changed/ upgraded when the time come.
Yes, you are right about there is no alarming feature for certs expiration to date. However, our business side of IT operation continues-- utilizing a conventional method as a stop-gap to prevent future "inconvenience" in IT operation--until better technology can make my life easier...
I'd love the see the new feature if GTAC warms up to it. In the meantime, our IT business and its continuity comes first.

-cy

Just to be sarcastic: Yes you are right. Let's stop any effort for improvements. Because the world - how it is - works. 

Michael_Kirchne
Contributor
Dear Extreme Team,

are there any news regarding this issue/idea? There is really a need for it.

GTM-P2G8KFN