Launching soon: The world's first vendor agnostic bug scrubLearn more & join waitlist
OPERATIONAL DEFECT DATABASE
...
...
Some of the sample (dummy) certificates included with the MSM7xx software are expiring and need to be replaced. A warning message will appear on the "Home" screen of the MSM7xx series controller indicating that there are expiring certificates. The message is: "! Warning: 2 certificate(s) is(are) about to expire. Please go to the Certificates page for more information"
All MSM 7xx Series controllers running any version of software have sample "dummy" certificates for the Radius server that are expiring in April 2017. As a result, a warning message is now being displayed on the User Interface (UI) after login. Product and Serial Number Cross Reference : Product Number(s) Starting SN Ending SN HP MSM765 Zl Premium Mobility Controller (J9370A) n/a n/a HP MSM760 Premium Mobility Controller (J9420A) n/a n/a HP MSM760 Access Controller (J9421A) n/a n/a HP MSM720 Access Controller (WW) (J9693A) n/a n/a HP MSM720 Premium Mobility Cntlr (WW) (J9694A) n/a n/a HP MSM720 TAA Access Controller (J9695A) n/a n/a HP MSM720 TAA Premium Mobility Cntlr (J9696A) n/a n/a HP MSM775 zl Premium Controller Module (J9840A) n/a n/a HP MSM710 Mobility Controller (J9325A) n/a n/a HP ProCurve MSM730 Mobility Controller (J9326A) n/a n/a HP E-MSM750 Mobility Controller (J9327A) n/a n/a HP MSM710 Access Controller (J9328A) n/a n/a HP ProCurve MSM730 Access Controller (J9329A) n/a n/a HP E-MSM750 Access Controller (J9330A) n/a n/a
The certificates that are expiring are used by the MSM7xx Series controller to start the internal Radius server. Even with the expired certificates, the internal Radius server will still start and will function normally. These certificates are present only to allow EAP-PEAP to work if the client chooses not to verify the server's certificate. We recommend that you replace these certificates with your own certificates for maximum security. The issue with the expired certificates is a cosmetic one, with an error message displayed indicating that the certificates are expiring, and with the certificates shown on the appropriate page of the GUI with a yellow or red dot for status rather than a green one. To resolve this issue, follow the instructions below: NOTE: If your MSM7xx Series controller supports version 6.6.5 and you are entitled to download that version, you can install version 6.6.5 and skip to step 5 below. 1.) Download the new certificates from the software download site for your products on My Networking Portal or follow the instructions provided by HPE Support. Extract the ZIP file locally on your PC. 2.) Log in to the Administrator account on your MSM7xx series controller. Navigate to the "Security" tab, then to the "Certificate stores" tab. Notice the expiring/expired certificates with the yellow/red indicator to the left. 3.) Under the "Trusted CA certificate store" section, click on the "Browse" button. Navigate to the location where you extracted the files in step 1 above, and then select the file named "ca_radius.crt" and click on the "Open" button. Then, click on the "Install" button. You should see a certificate called "Dummy Radius Authority" has been added to the list in this section. 4.) Under the "Certificate and private key store" section, click on the "Browse" button. Navigate to the location where you extracted the files in step 1 above, and then select the file named, "dummy_radius_server_certificate.p12" and click on the "Open" button. Enter the password "hpemsm" (without the quotation marks) and then click on the "Install" button. You should see a certificate called, "Dummy Radius Server Certificate" has been added to the list in this section. 5.) Navigate to the "Certificate usage" tab of the "Security" tab. 6.) Select the Service called "RADIUS EAP". 7.) On the "Services PKI Management" screen that appears, select "Dummy Radius Server Certificate" in the dropdown menu in the "Authentication to the peer" section. 8.) In the "Peer authentication" section, click on the entry in the box under "Trusted CAs" and then click on the "Remove" button. Then, in the dropdown menu under "Available CAs" select "Dummy Radius Authority" and then click on the "Add" button. 9.) Click on the "Save" button. 10.) Navigate to the "Certificate stores" tab of the "Security" tab. Notice that 2 new certificates are now associated with "RADIUS EAP" instead of "<not used>". 11.) For each of the entries with a yellow/red indicator, click on the trash can icon to the far right of that line to remove that expiring/expired dummy certificate. 12.) Navigate to the "Home" screen and notice that the warning message is no longer listed. NOTICE : In some versions of software, performing a factory reset may require this procedure to be redone. If your MSM7XX Series Controllers are teamed, this process must be followed on each team member, individually. RECEIVE PROACTIVE UPDATES : Receive support alerts (such as Customer Advisories), as well as updates on drivers, software, firmware, and customer replaceable components, proactively via e-mail through HPE Subscriber's Choice. Sign up for Subscriber's Choice at the following URL: Proactive Updates Subscription Form. SEARCH TIP : For hints on locating similar documents on HPE.com, refer to the Search Tips document .