https://community.cisco.com/t5/wireless/config-ap-cert-expiry-ignore-mic-ssc-enable/m-p/3860942#M709 <P>&nbsp;</P><P>&nbsp;- Yes, that is correct, those with valid certs (not expired) will not be prone to man-in-the-middle attacks.</P><P>&nbsp;M.</P> Wed, 22 May 2019 14:28:58 GMT Mark Elsen 2019-05-22T14:28:58Z https://community.cisco.com/t5/wireless/config-ap-cert-expiry-ignore-mic-ssc-enable/m-p/3860899#M707 <P>We found a couple of old 1141N AP's in our network that were not associated with the controller. Upon investigation I found that the MIC had expired. We are currently running 8.3.133 on the controllers. If this command is used in the shot term, (until I can replace them with new models)&nbsp; it will only be relevant to AP's with an expired MIC and not affect any other AP's from what I have read correct? Also would this leave them open to man-in-the middle attacks? Thank in advance!</P> Mon, 05 Jul 2021 17:26:48 GMT https://community.cisco.com/t5/wireless/config-ap-cert-expiry-ignore-mic-ssc-enable/m-p/3860899#M707 daswann 2021-07-05T17:26:48Z https://community.cisco.com/t5/wireless/config-ap-cert-expiry-ignore-mic-ssc-enable/m-p/3860942#M709 <P>&nbsp;</P><P>&nbsp;- Yes, that is correct, those with valid certs (not expired) will not be prone to man-in-the-middle attacks.</P><P>&nbsp;M.</P> Wed, 22 May 2019 14:28:58 GMT https://community.cisco.com/t5/wireless/config-ap-cert-expiry-ignore-mic-ssc-enable/m-p/3860942#M709 Mark Elsen 2019-05-22T14:28:58Z https://community.cisco.com/t5/wireless/config-ap-cert-expiry-ignore-mic-ssc-enable/m-p/3860952#M711 <P>Thank you M. just wanted to make sure. I will be replacing the access points tomorrow so I won't need to use the command but wanted a second set of eyes on it.</P> Wed, 22 May 2019 14:36:49 GMT https://community.cisco.com/t5/wireless/config-ap-cert-expiry-ignore-mic-ssc-enable/m-p/3860952#M711 daswann 2019-05-22T14:36:49Z https://community.cisco.com/t5/wireless/config-ap-cert-expiry-ignore-mic-ssc-enable/m-p/4053625#M713 <P>How do you determine the MIC on the expired AP?</P> Fri, 27 Mar 2020 13:31:51 GMT https://community.cisco.com/t5/wireless/config-ap-cert-expiry-ignore-mic-ssc-enable/m-p/4053625#M713 RHEA LINN 2020-03-27T13:31:51Z https://community.cisco.com/t5/wireless/config-ap-cert-expiry-ignore-mic-ssc-enable/m-p/4053732#M715 <P>&nbsp;</P> <P>&nbsp; &nbsp;<FONT color="#0000FF"> &nbsp;&nbsp;</FONT><SPAN><FONT color="#0000FF">AP_CLI</FONT>#<STRONG>sh crypto pki certificates</STRONG></SPAN></P> <P><SPAN><STRONG>&nbsp; &nbsp; <EM>&nbsp; &nbsp;&nbsp;</EM></STRONG><EM> Look for the line containing <STRONG>end date</STRONG></EM></SPAN></P> <P><SPAN>&nbsp;M.</SPAN></P> Fri, 27 Mar 2020 15:30:38 GMT https://community.cisco.com/t5/wireless/config-ap-cert-expiry-ignore-mic-ssc-enable/m-p/4053732#M715 Mark Elsen 2020-03-27T15:30:38Z https://community.cisco.com/t5/wireless/config-ap-cert-expiry-ignore-mic-ssc-enable/m-p/4166823#M716 <P>Hi Marce - Do you know if the older APs "with expired" certs will be vulnerable to MIMs?</P><P>&nbsp;</P><P>thanks&nbsp;</P> Wed, 14 Oct 2020 15:43:46 GMT https://community.cisco.com/t5/wireless/config-ap-cert-expiry-ignore-mic-ssc-enable/m-p/4166823#M716 steadroy_em1 2020-10-14T15:43:46Z https://community.cisco.com/t5/wireless/config-ap-cert-expiry-ignore-mic-ssc-enable/m-p/4530558#M237056 <P><FONT color="#0000FF">AP_CLI</FONT><SPAN>#</SPAN><STRONG>sh crypto pki certificates</STRONG></P><P>&nbsp;</P><P>Does the AP check?<BR />Does WLC check?</P><P>If I use config ap cert-expiry-ignore mic enable on WLC 5520 model, is AP OK in MIC authentication?</P> Thu, 13 Jan 2022 03:02:04 GMT https://community.cisco.com/t5/wireless/config-ap-cert-expiry-ignore-mic-ssc-enable/m-p/4530558#M237056 namyong1276 2022-01-13T03:02:04Z https://community.cisco.com/t5/wireless/config-ap-cert-expiry-ignore-mic-ssc-enable/m-p/4650108#M244129 <P>Hello Marce,</P><P>&nbsp;</P><DIV class=""><SPAN class="">Hello,</SPAN> <SPAN class="">I have a Cisco WLC 2504 with version </SPAN><A target="_blank">7.6.130.0</A><SPAN class=""> but both commands below are not available:</SPAN></DIV><DIV class=""><SPAN class="">Command for Version </SPAN><A target="_blank">7.0.252.0: </A></DIV><DIV class=""><SPAN class="">config ap lifetime-check {mic|ssc} enable </SPAN></DIV><DIV class=""><SPAN class="">Command for Versions </SPAN><A target="_blank">7.4.140.0</A><SPAN class=""> and later: </SPAN></DIV><DIV class=""><SPAN class="">config ap cert-expiry-ignore {mic|ssc} enable</SPAN></DIV><DIV class="">&nbsp;</DIV><DIV class=""><SPAN class="">Please help</SPAN></DIV><DIV class=""><SPAN class="">Thank you,</SPAN></DIV> Thu, 14 Jul 2022 08:18:14 GMT https://community.cisco.com/t5/wireless/config-ap-cert-expiry-ignore-mic-ssc-enable/m-p/4650108#M244129 tanios191 2022-07-14T08:18:14Z https://community.cisco.com/t5/wireless/config-ap-cert-expiry-ignore-mic-ssc-enable/m-p/4650133#M244135 - You need at least 8.3.x for that.<BR /><BR /> M.<BR /> Thu, 14 Jul 2022 09:37:44 GMT https://community.cisco.com/t5/wireless/config-ap-cert-expiry-ignore-mic-ssc-enable/m-p/4650133#M244135 Mark Elsen 2022-07-14T09:37:44Z