cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
590
Views
0
Helpful
3
Replies

AP Certificate Monitariong

MarioLieb
Level 1
Level 1

Hi @All

i had to learn that Cisco use a Certificate to deside that the AP is out of maintenance. This Certificate is just 10 Years valid. So now i have the Problem that same AP´s (AIR-LAP1131AG-E-K9/  AIR-LAP1242AG-E-K9) will reach this 10 Year- Mark in some Months. Is there a chance to monitor that lifecycle via SNMP or something else. 

Is this the right certificate that i have to check ?

show crypto ca certificates

 

Certificate
  Status: Available
  Certificate Serial Number: xxxxxxx
  Certificate Usage: General Purpose
  Issuer:
    cn=Cisco Manufacturing CA
    o=Cisco Systems
  Subject:
    Name: C1130-c47d4fad886a
    ea=support@cisco.com
    cn=C1130-c47d4fad886a
    o=Cisco Systems
    l=San Jose
    st=California
    c=US
  CRL Distribution Points:
    http://www.cisco.com/security/pki/crl/cmca.crl
  Validity Date:
    start date: 11:14:50 UTC Dec 10 2009
    end   date: 11:24:50 UTC Dec 10 2019
  Associated Trustpoints: Cisco_IOS_MIC_cert

 

Regards Mario

3 Replies 3

Leo Laohoo
Hall of Fame
Hall of Fame

The fix is to upgrade the firmware of the controller to, a minimum of, 7.0.252.0. 

 

Read THIS.

Hi Leo 

 

the question is how i can monitor the date when the certifikate expire. BTW we use version 8.0.155.0 

 

If you run this version, can you disable the AP lifetime-checker?  The command is:  config ap cert-expiry-ignore {mic|ssc} enable 

 

Additional info can be found HERE.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: