Hi Leo the question is how i

MarioLieb · ‎06-12-2015

i had to learn that Cisco use a Certificate to deside that the AP is out of maintenance. This Certificate is just 10 Years valid. So now i have the Problem that same AP´s (AIR-LAP1131AG-E-K9/ AIR-LAP1242AG-E-K9) will reach this 10 Year- Mark in some Months. Is there a chance to monitor that lifecycle via SNMP or something else.

Is this the right certificate that i have to check ?

show crypto ca certificates

Certificate
Status: Available
Certificate Serial Number: xxxxxxx
Certificate Usage: General Purpose
Issuer:
cn=Cisco Manufacturing CA
o=Cisco Systems
Subject:
Name: C1130-c47d4fad886a
ea=support@cisco.com
cn=C1130-c47d4fad886a
o=Cisco Systems
l=San Jose
st=California
c=US
CRL Distribution Points:
http://www.cisco.com/security/pki/crl/cmca.crl
Validity Date:
start date: 11:14:50 UTC Dec 10 2009
end date: 11:24:50 UTC Dec 10 2019
Associated Trustpoints: Cisco_IOS_MIC_cert

Regards Mario

Leo Laohoo · ‎06-12-2015

The fix is to upgrade the firmware of the controller to, a minimum of, 7.0.252.0.

Read THIS.

MarioLieb · ‎06-12-2015

Hi Leo

the question is how i can monitor the date when the certifikate expire. BTW we use version 8.0.155.0

Leo Laohoo · ‎06-12-2015

If you run this version, can you disable the AP lifetime-checker? The command is: config ap cert-expiry-ignore {mic|ssc} enable

Additional info can be found HERE.

AP Certificate Monitariong