Some of the certificates included with the MSM7xx software are expiring and need to be replaced.

A warning message appears on the “Home” screen of the MSM7xx series controller indicating that there are expiring certificates. The message is: “! Warning: 2 certificate(s) is(are) about to expire. Please go to the Certificates page for more information”
HARDWARE Products affected:
- HP MSM765 Zl Premium Mobility Controller (J9370A)
- HP MSM760 Premium Mobility Controller (J9420A)
- HP MSM760 Access Controller (J9421A)
- HP MSM720 Access Controller (WW) (J9693A)
- HP MSM720 Premium Mobility Cntlr (WW) (J9694A)
- HP MSM720 TAA Access Controller (J9695A)
- HP MSM720 TAA Premium Mobility Cntlr (J9696A)
- HP MSM775 zl Premium Controller Module (J9840A)
- HP MSM710 Mobility Controller (J9325A)
- HP ProCurve MSM730 Mobility Controller (J9326A)
- HP E-MSM750 Mobility Controller (J9327A)
- HP MSM710 Access Controller (J9328A)
- HP ProCurve MSM730 Access Controller (J9329A)
- HP E-MSM750 Access Controller (J9330A)

FIRMWARE Versions affected: All

Third-Party or other HPE Aruba Products affected: HP ProCurve Manager / HP ProCurve Mobility Manager (HP PCM/PMM).
The certificates that are about to expire are used by the MSM7xx Series controller to interface with HP PCM/PMM software. HP ProCurve Manager / HP ProCurve Mobility Manager are management tools. These certificates must be replaced in order to allow the PCM/PMM software to function. However, if you do not use this software, it is not necessary to replace the certificates; you may remove them if you wish. To remove the certificates, follow the instructions in the section titled "Removing the Certificates" in this advisory.

We strongly recommend that you replace these certificates with your own custom certificates for maximum security. If you wish to replace the certificates with ones that we provide, perform the steps that follow.

The problem with the expiring or expired certificates is a cosmetic one - an error message is displayed indicating that the certificates are expiring/expired, with a yellow or red status dot displayed beside the certificate name in the tables on the GUI pages. Active certificates will have a green status dot displayed instead. To resolve this issue, follow the instructions below to replace the certificate:

1. Download the new certificates bundle from My Networking Portal or from the software download site for your products. Extract the ZIP file locally on your PC.
2. Log in to the Administrator account on your MSM7xx series controller. Navigate to the “Security” tab, then to the “Certificate stores” tab. Notice the expiring/expired certificates with the yellow/red indicator to the left.
3. Under the “Trusted CA certificate store” section, click on the “Browse” button.
4. Navigate to the location where you extracted the new certificates zip file in step-1.
5. Select the file named “new_mgmt_console_ca.crt” and click on the “Open” button.
6. Then, click on the “Install” button. You will see a certificate called “New Management Console Dummy Authority” has been added to the list in this section.
7. Under the “Certificate and private key store” section, click on the “Browse” button.
8. Navigate to the location where you extracted the new certificates zip file in step-1.
9. Select the file named “new_mgmt_console_client.pfx” and click on the “Open” button.
10. Enter password “hpemsm” (without the quotation marks) and then click on the “Install” button. You should see a certificate called “New Management Console Default client certificate” has been added to the list in this section.
11. Navigate to the “Certificate usage” tab of the “Security” tab.
12. Select the Service called “HP Management console”.
13. On the “Services PKI Management” screen that appears, select “New Management Console Default client certificate” in the dropdown menu in the “Authentication to the peer” section.
14. In the “Peer authentication” section, click on the entry in the box under “Trusted CAs” and then click on the “Remove” button.
15. Then, from the dropdown menu under “Available CAs” select “New Management Console Dummy Authority” and then click on the “Add” button.
16. Click on the “Save” button.
17. Navigate back to the “Certificate stores” tab of the “Security” tab. Notice that the 2 new certificates now have “HP Management console” in the “Current usage” column.
18. The old expired/expiring certificates should now indicate "<not used>" in the “Current Usage” column. To remove them, do the following:
    a. Click on the trash can icon to the far right of the certificate to be removed.
    b. Click “OK” when prompted to confirm the removal.
19. Navigate to the “Home” screen and notice that there is no longer a warning message.

The “Certificate stores” tab should now look as follows with respect to the “HP Management Console”.

NOTE: In some versions of software, performing a factory reset may require this procedure to be repeated.

The following steps must be performed only if you wish to remove the expired/expiring certificates:

Removing the certificates

1. Log in to the Administrator account on your MSM7xx series controller. Navigate to the “Security” tab, then to the “Certificate stores” tab. Notice the expiring/expired certificates with the yellow/red indicator to the left.
2. Navigate to the “Certificate usage” tab of the “Security” tab.
3. Select the Service called “HP Management console”.
4. On the “Services PKI management” that appears, in the “Authentication to the peer” section, select “wireless.hp.internal” for the “Local certificate”.
5. In the “Peer authentication” section, select “Management Console Dummy Authority” in the “Trusted CAs” box, and click on “Remove”.
6. Click on “Save”.
7. Navigate back to the “Certificate stores” tab. The “Current usage” column should now indicate "<not used>" for both certificates.
8. Click on the trash can icon to the far right of the certificates to be removed. Click “OK” when prompted to confirm the removal. Do this action for each certificate, once in the “Trusted CA certificate store” section, and again in the “Certificate and private key store” section.

This concludes the certificates removal instructions.
Operating Systems Affected: Not Applicable
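The advisory recommends replacing the default certificates with your own custom certificates; the supplied bundle is a public download and its PFX password is printed in the steps above. The following added example (not HPE's own tooling) uses OpenSSL to build a private CA and a client certificate in the two file formats the certificate stores above accept, then checks the result. File names, subject names, key size, lifetime and the `PFX_PASS` environment variable are assumptions, and no extended key usage is set because the advisory does not say what the controller or PCM/PMM requires.

```shell
# Added example, not HPE code. File names, subject names, key size and
# lifetime are assumptions; the PFX password is read from $PFX_PASS.
make_custom_bundle() {
    out_dir=$1 days=${2:-730}
    mkdir -p "$out_dir" || return 1
    (
        cd "$out_dir" || exit 1
        umask 077    # private keys readable by the owner only
        cat > ca.cnf <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Example Management Console CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_client]
basicConstraints = CA:FALSE
EOF
        # CA certificate: goes into the "Trusted CA certificate store".
        openssl req -x509 -config ca.cnf -newkey rsa:2048 -nodes -sha256 \
            -days "$days" -keyout custom_ca.key -out custom_ca.crt 2>/dev/null || exit 1
        # Client key and request, then a certificate signed by that CA.
        openssl req -config ca.cnf -newkey rsa:2048 -nodes -sha256 \
            -subj "/CN=Example Management Console client" \
            -keyout custom_client.key -out custom_client.csr 2>/dev/null || exit 1
        openssl x509 -req -in custom_client.csr -CA custom_ca.crt \
            -CAkey custom_ca.key -CAcreateserial -sha256 -days "$days" \
            -extfile ca.cnf -extensions v3_client \
            -out custom_client.crt 2>/dev/null || exit 1
        # PFX: goes into the "Certificate and private key store".
        openssl pkcs12 -export -inkey custom_client.key -in custom_client.crt \
            -passout env:PFX_PASS -out custom_client.pfx || exit 1
    )
}

# Succeeds only if the certificate inside the PFX chains to the CA file
# and stays valid for at least another $2 days (default 30).
check_custom_bundle() {
    dir=$1 min_days=${2:-30}
    openssl pkcs12 -in "$dir/custom_client.pfx" -passin env:PFX_PASS \
        -nokeys -clcerts -out "$dir/from_pfx.pem" 2>/dev/null || return 1
    openssl verify -CAfile "$dir/custom_ca.crt" "$dir/from_pfx.pem" >/dev/null 2>&1 || return 1
    openssl x509 -in "$dir/from_pfx.pem" -noout \
        -checkend $((min_days * 86400)) >/dev/null
}
```

Export `PFX_PASS` with a passphrase of your own, call `make_custom_bundle ./msm-certs` and then `check_custom_bundle ./msm-certs`, and install `custom_ca.crt` and `custom_client.pfx` where the steps above use the supplied files. Keep `custom_ca.key` off the controller; the matching configuration on the PCM/PMM side is not covered by this advisory.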