WAAS 4.2.3 Cert near expiration warning.
I have 6 WAAS NME modules, all running 4.2.3, and all giving this Major warning:
"Certificate waas-self .p12 is near expiration. It is configured as a machine cert in global settings."
How does one go about fixing this warning and getting a new cert?
Deleting the cert doesn't work:
BEL-NME-WAE-Edge#crypto delete pkcs12 _waas-self_.p12
Error: File does not exist
BEL-NME-WAE-Edge#
There doesn't seem to be a cert with that name. The only cert that shows up is the new one I just created called BEL.p12. I looked at the 'alerts' area on the WAAS manager GUI and there is a little more to the error alert:
Certigficate _waas-self_.-12 is near expiration. It is configured as a machine cert in global settings.
I don't know what global settings this is talking about, but here is the output of 'sh crypto certificates':
BEL-NME-WAE-Edge#sh crypt certificates
Certificate Only Store:
Managed Store:
File: BEL.p12 Format: PKCS12
EEC: Subject: C=US/ST=Washington/L=Seattle/O=Group Health/OU=IS/CN=www.ghc.org/emailAddress=[email protected]
Issuer: C=US/ST=Washington/L=Seattle/O=Group Health/OU=IS/CN=www.ghc.org/emailAddress=[email protected]
Local Store:
Machine Self signed Certificate
Format: PKCS12
Subject: C=US/ST=California/L=San Jose/OU=ADBU/O=Cisco Systems/CN=NO-HOSTNAME/emailAddress=[email protected]
Issuer: C=US/ST=California/L=San Jose/OU=ADBU/O=Cisco Systems/CN=NO-HOSTNAME/emailAddress=[email protected]
Management Service Certificate
Format: PKCS12
EEC:Subject: C=US/ST=California/L=San Jose/OU=ADBU/O=Cisco Systems/CN=NO-HOSTNAME/emailAddress=[email protected]
Issuer: C=US/ST=California/L=San Jose/OU=ADBU/O=Cisco Systems/CN=NO-HOSTNAME/emailAddress=[email protected]
The WAAS Self Signed Certificate is being used as the Management Service Certificate
BEL-NME-WAE-Edge#
Any other ideas?
Similar Messages
-
How to delete the alarm "Certificate is near expiration" on multiple WAEs using WAAS CM
Hi,
We are getting "Certificate is near expiration" alarm on more than 200 WAEs . Instead of deleting the expired certificates manually from each device,
how to delete this alarms/certificates on all the devices from WAAS CM ?
Please advice..
Regards,
Ameen.Ameen,
I believe there is script that you could use to address this issue on multiple devices at once.
Please open a TAC case so that TAC Engineer would assist with this.
For a single WAE, it is documented here.
https://supportforums.cisco.com/thread/2010020
Thanks
Anil -
Is there a way I can delete a self assigned local cert so It don't have to worry about it expiring? I had created it for testing purposes. When I tried to delete it using the common name "server.domain.com", it doesn't let me.
Certificate device_cert_key.p12 is near expiration. It is configured as machine cert in global settings
Issued To
Common Name:
server.domain.com
Email:
[email protected]
Organization:
Cisco Systems
Organization Unit:
WAAS
Locality:
San Jose
State:
California
Country:
US
Serial Number:
1279988218916
Issued By
Common Name:
server.domain.com
Email:
[email protected]
Organization:
Cisco Systems
Organization Unit:
WAAS
Locality:
San Jose
State:
California
Country:
US
Validity
Issued On:
Sat Jul 24 16:16:58 UTC 2010
Expires On:
Sun Jul 24 16:16:58 UTC 2011
Fingerprint
SHA1:
E3:04:2E:C0:6A:C4:7C:44:DB:56:C9:3F:51:D8:5F:C7:8E:BA:D1:DA
Base64:
4wQuwGrEfETbVsk/Udhfx4660do=
Key
Type:
SHA1WithRSAEncryption
Size (Bits):
1024The factory self assign is not the one that has expired. It's the one that I've created for testing purposes. I figured out on how to delete it. Thanks for the info on the bug ID CSCte05426.
Alarm ID Module/Submodule Instance
1 cert_near_expiration sslao/SGS/gsetting cert_near_expiration
Jun 25 01:40:17.657 UTC, Processing Error Alarm, #000076, 26000:26005
Certificate device_cert_key.p12 is near expiration. It is configured as machine cert in global settings
crypto delete pkcs12 device_cert_key.p12
show crypto certificate-detail factory-self-signed
Bag Attributes
localKeyID: 2A 2A BA 01 B8 C0 17 8C 9B A9 7F 23 43 D8 66 DA 3C B3 02 07
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 29 (0x1d)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, ST=California, L=San Jose, OU=ADBU, O=Cisco Systems, CN=NO-HOSTNAME/emailAddress=[email protected]
Validity
Not Before: Jan 15 19:55:12 2009 GMT
Not After : Jan 14 19:55:12 2014 GMT -
Outlook 2013 Clients certificate has expired warning or not yet valid
Hello,
We had been through a migration from exchange 2010 to 2013 in the last year but have had an ongoing issue with
some Outlook clients getting a certificate warning after they launch the client. Not all Outlook clients experience this. We've just recently uninstalled exchange from our 2010 servers and shut them
down. What we have left are two 2013 servers in a DAG. The certificate these Outlook clients are complaining about had expired in 2012. Here is the warning they are getting:
"Certificate has expired warning or not yet valid"
I've been through numerous threads/sites regarding this error but it always ends up that there was an expired cert hanging out somewhere. I cannot seem to find an expired cert anywhere...
I've ran the 'Get-ExchangeCertificate | fl' cmdlet and I see 7 certs listed, none of which match the thumbprint on the Cert Warning on Outlook.
When I check the registry of the Exchange servers here: HKLM>Software>Microsoft>SystemCertificates>My>Certificates
I can see 7 certificate entries listed there and the thumbprint matches those of the cmdlet ran from
EMS.
OWA shows the correct cert expiring in 2015 and Outlook clients are pointed to the 2013 servers. We do have a load balancer that AutoDiscover, OWA, SMTP are going through.
It seems like some of these Outlook clients are still looking at the decommissioned 2010 Exchange servers' old certificate. Any ideas on how I can get outlook to point to the new certificate/server?
Thanks.
Rory
Rory SchmitzHi Rory,
If possible, could you please post the Get-ExchangeCertificate | FL results about the certificate which is assigned with IIS service here?
If the issue only happens for some users instead of all users, please create a new Outlook profile for the problematic user to check whether the issue persists. Please make sure the certificate name which is reported as expired or not valid is included
in the IIS service certificate in your Exchange 2013.
In Exchange server side, please restart IIS service by running IISReset /noforce from a command prompt window to have a try.
Regards,
Winnie Liang
TechNet Community Support -
How to suppress distibution certificate expiration warning messages?
We have an enterprise license and distribute internal apps using a distribution provisioning profile. We've updated the distribution certificate to be valid for 2013, but continue to get the pop-ups about the expiring certificate on the employees iPads.
Is there a way to prevent the pop-ups for expiring certificates?
Thanks
TK_digiHi
Answer is pure assumption.
Pls check the following OSS notes
Note 319094 - Warning message during batch classification in IM
Note 122937 - UD: Error message M7207 when you save
Note 399416 - Message M7207 not analyzed in background
Note 786755 - You cannot suppress message M7 207
Note 201196 - MIGO: Error M7207 for goods receipt for batch
Pls take opinion from SAP / Basis before implementing the OSS note
Regards
Madhan D -
No password expiration warning
Dear,
When setting a password with the use of the command passwd -w <days> <username>, the selected user is not being warned about the expiration date when logging in.
However, when using passwd –f <username> it prompts the user at the login for a new password.
Example:
passwd -w 7 extelt
passwd -x 30 extelt
passwd -s extelt
(Command set at 7/6/2011)
So the password expires at 07-07-2011.
Should start warning the user at 30-06-2011.
As explained, there are no warnings given from the 'checkpoint (30-06-2011)'.
What else can i try?
Thanks in advance.
Regards,
TommyDid you also upgrade the Password Compatibility to 6?
If so, then all the password attributes will have a prefix of "pwd" instead of "password" so it might break somethings in your application if it is looking for "passwordExpirationTime" or something.
Thanks. -
Annual Line Rental nearly expired, so DD doubled.
I've just received my latest bill; the first thing it tells me is that BT is raising my DD from £32pm to £60.60. There are two reasons for this :
1. My annual line rental expires 19/2/13. Fine, I intend to renew it this weekend. However, I've been charged for line rental from 26/1 to 25/4 (with a credit from 26/1 to 19/2).
2. We've been paying about £15-20 per qtr for calls to our son's mobile. He's just had BT phone and internet installed this month, so they'll disappear.
My first reaction was to try to have the DD reduced, even if just to £40. Using 0800 443311, you go through a long series of options, the last two being "amend your DD" and finally "Increase your DD". No other option, no chance to speak to anyone.
So I then rang 0800 800 150. Alas, after finally getting through, we had difficulty understanding each other. However, it seemed to come down to :
a) The only way to decrease my DD is to pay off the £90 debit. I have no problem with that, except that I'd then be paying the £33 line rental.
b) If I renew my annual line rental, it seems I'll have the £33 credited - in my next bill.
Obviously, it would all work out, because the debit would disappear, including the line rental. The credit would then be applied against the total of the next bill (wouldn't it?).
Again, I'd have had no problems taking these steps, in either order, provided that I could have a revised bill sent to me fairly soon. Alas, I'd have to wait three months, until my next bill arrived, to ensure everything had gone through smoothly.
Does anyone with experience of these things have any advice on the best course of action?
Solved!
Go to Solution.I've now read a few earlier threads on this, and I think I've grasped the situation (which probably means I haven't).
I'm happy to renew my Annual Lline Saver (ALS), and move to monthly billing.
Presumably, to move to monthly billing, I'd have to pay off my credit balance, which includes £33 line rental. There's no mention of outstanding balances in the ALS T&C.
The situation I want to avoid is that of paying the £33 twice; once when I renew the ALS, and again when I pay off the credit balance.
While I'm sure any problems would be resolved eventually, I'd just like to avoid them if I can.
Does anyone who's made this move have any advice? I assume that everyone whose ALS termination date didn't coincide with their billing date would have the same problem. -
Credentials popup after password is about to expire warning
Hi,
We recently upgraded to Exchange 2013 CU3, and are experiencing a strange problem.
When user passwords are about to expire, the user get a message "password will expire in x days, do you want to change it now?"
When they choose not to change it right away, they receive a security popup when starting up outlook.
If they give in their credentials it's OK.
After changing the password, they also stop receiving these popups.
3 Exchange servers configured
Connecting via F5 HLB
OutlookAnywhere authentication shold
ExternalClientAuthenticationMethod, InternalClientAuthenticationMethod are configured to use Ntlm
IISAuthenticationMethods can be used via Basic, Ntlm, Negotiate authenticationHi D,
Sorry for the reply above, the format corrupted. I just cannot delete it. I don't know why.
Suggestions as below:
1. Please using OWA to check whether this issue exists. If everything is well in OWA, it seems an issue on the Outlook client side.
2. Please re-creating new profile to refresh the caches.
3. Please delete the credentials on Windows. Detailed steps in the following article:
Remove stored passwords, certificates, and other credentials
http://windows.microsoft.com/en-HK/windows7/remove-stored-passwords-certificates-and-other-credentials
Hope it is helpful
Thanks
Mavis
(format still strange, don't konw why.)
Mavis Huang
TechNet Community Support -
How fix mail security cert name mismatch warning
Mail is periodically warning about trusting "inbound.att.net" when connecting to "pop.att.yahoo.com".
It says: "This certificate is not valid (host name mismatch)"
and it warns that I may be the victim of foul play.
I have avoided checking the "always trust" box and am trusting as each warning appears.
(iMac is brand new; have never seen any such message on WindowsXP computer in recent use with same mail account using Thunderbird.)
Should I take this as a serious security warning?
Just need to change some setting? (They all match AT&T's requirements as far as I can see.)
A problem at AT&T / Yahoo?
Thanks for any suggestions!Maribod,
You also may want to repost in the Mail and Address Book forum. Click Apple Support Communities then type Snow Leopard and click Refine this list where you will find information on Mail and Address Book. Mail and Address book are part of OS X which is why they are in the Snow Leopard forum.
Roger -
OID Not send password expiration warning
Hi all,
i have set password policy with the follow attributes:
pwdexpirewarning: 10367998
pwdmaxage: 10368000
When user logon the attribute pwdexpirationwarned is set, but expiration message with error code 9002 is not send.
Solution?
Thankswhich OID version are you using?
--Olaf -
[C7288] Display stuck with "Ink Expiration Near"
The display on the MFD is stuck with "Ink Expiration Near" message for Light Cyan and Light Magenta.
Although the message says "To continue with this ink press OK".........Even if I press OK, nothing happens. Infact, none of the buttons seem to do anything other than playing the key tone.
I can't print anything through the computer either. Please help.Hi @videoarizona,
Welcome to the HP Forums!
I see that your HP Photosmart C6150 will not allow you to print with a "ink near expiration date" warning. I am sorry to hear this, but happy to look into this for you!
Please take a look through this guide, Ink Expiration.
Most likely it is time to change the ink cartridges, if the the printer will not allow you to override the warning.
Hope this answers your question, and have a great day!
RnRMusicMan
I work on behalf of HP
Please click “Accept as Solution ” if you feel my post solved your issue, it will help others find the solution.
Click the “Kudos Thumbs Up" to say “Thanks” for helping! -
Hi After getting the below message i updated my cert but now have 3 of the same certs? Can i delete the expired cert?????
There is no valid SMTP Transport Layer Security (TLS) certificate for the FQDN of SERVER.domainname.local. The existing certificate for that FQDN has expired. The continued use of that FQDN will cause mail flow problems. A new certificate that contains the
FQDN of SERVER.domainname.local should be installed on this server as soon as possible. You can create a new certificate by using the New-ExchangeCertificate task.
I used "Get-ExchangeCertificate | Select CertificateDomains,Thumbprint,Status,Services | fl"
to see which cert was expired
I used "Get-ExchangeCertificate –Thumbprint 91D4C277BE4DF5FA15FC76D936375B7766ABCC23 | New-ExchangeCertificate" to replace the expired cert
I re-ran "Get-ExchangeCertificate | Select CertificateDomains,Thumbprint,Status,Services | fl"
to see if it had worked
but now i have two certs one expired the other not. Can i delete the expired cert?????Hi
Yes you can delete the expired certificate which are showing as it is not functional anymore and they remain as stale entries
You can use below command
Remove-ExchangeCertificate -Thumbprint "specify the value "
Remember to mark as helpful if you find my contribution useful or as an answer if it does answer your question.That will encourage me - and others - to take time out to help you Check out my latest blog posts on http://exchangequery.com -
Windows 7 Expired Password - Recvd Warning prompts but not forced to change password
Our Windows 7 users are prompted when their passwords will expire in 14 Days, however They are not forced to change thier password before it expires. If the users ignore the expiration warning they can only get logged into the network after having the helpdesk
reset thier password.
Is there a way to force Windows 7 users to change thier passwords on the day it expires. Our WinXP users get the 14 day warning and are forced to change thier passwords on day 14.
I have the GPO configured to notifiy users when thier passwords will expire in 14 days
Thank you,
GlenHi,
After applying above settings, the user can change the password by default at the expire day. Please create a new domain profile and test the issue on several Windows
7 machines. Can the user be enforced to change password at expire day? If not, please refer to the following steps to collect the information for research.
1. On the DC, open GPMC, right-click Group Policy Results, choose Group Policy Results Wizard, follow the wizard to collect a Group Policy result for problematic
Windows 7 client.
2. On the Windows 7 machine where GPO failed to apply, please perform the following steps to collect log files:
a) Please add the specified registry key to enable group policy log (%windir%\debug\usermode\gpsvc.log), and remove or rename it to disable group policy log after
collecting data. You may need to create the Diagnostics key if it is not there.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Diagnostics
Type: DWORD
Value: GPSvcDebugLevel
Data: 0x30002 (hexadecimal)
b) Then on the problematic Win7 machine, run command “gpupdate /force”.
c) Then on the problematic Win7 machine, run command “gpresult /v > gpr_win7.txt”, send me gpr_win7.txt file.
d) On the problematic Win7 machine, run command “eventvwr”, then expand to Applications and service logs -> Microsoft -> windows -> groupPolicy
-> Operational. Right-click on it and click “save event as”. Save the file as .evtx format and send it to me.
e) After that, please send me the above output files. (please zip them first and then send them to me).
- %windir%\debug\usermode\gpsvc.log
- gpr_win7.txt
- win7.evtx
Please use Windows Live SkyDrive (http://www.skydrive.live.com/) to upload the GPMC
result and the zip files, and then give us the download address.
Thanks,
Novak
Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. ” -
Hi All,
Groupwise web access will not load any more giving:
HTTP Status 404 -
type Status report
message
description The requested resource () is not available.
Apache Tomcat/5.5.27
In digging around I found the cert had expired. I tried renewing it in
iManager/Novell certificate Server but no joy. When I view the
certificate, it still says "Expires on: 04/23/2010".
This has always been my bug-a-boo. What is the TID that covers this?
Server:
cat /etc/novell-release
Novell Open Enterprise Server 2.0.2 (i586)
VERSION = 2.0.2
PATCHLEVEL = 2
BUILD = FCS
cat /etc/SuSE-release
SUSE Linux Enterprise Server 10 (i586)
VERSION = 10
PATCHLEVEL = 3
Groupwise 7.0.3
Thanks
Bob CrandellOn Thu, 20 Oct 2011 21:10:56 +0000, Craig Johnson wrote:
> In article <lZYnq.119$[email protected]>, Bob Crandell
> wrote:
>> In digging around I found the cert had expired. I tried renewing it in
>> iManager/Novell certificate Server but no joy. When I view the
>> certificate, it still says "Expires on: 04/23/2010".
>>
> Did you restart apache or the server after renewing the certificates?
>
> Craig Johnson
> Novell Support Connection SysOp
I restarted Apache but not the server.
etc/init.d/apache2 stop
/etc/init.d/novell-httpstkd stop
/etc/init.d/novell-tomcat5 stop
and
/etc/init.d/novell-tomcat5 start
/etc/init.d/novell-httpstkd start
/etc/init.d/apache2 start
So I should restart the server?
Thanks -
Leopard: AD Plugin Doesn't Warn Me When My AD Password Expires?
I just noticed that my Windows PC is informing me that my AD password will expire in days. However, My Leopard Mac which is also bound to the same AD domain is not giving me the password expiration warning. I know that the AD plugin in Tiger (10.4.x) used to warn me about upcoming password change policies etc, but 10.5.1 is not.
Has anyone noticed this behavior?
Also - has anyone had any luck changing their AD password from a 10.5 client using the Accounts Preference Pane? I remember that Tiger was a little buggy sometimes...Thanks Strontium90!
Turns out that is exactly what happened. I am testing the adpassmon utility now... very cool! I like how it allows you to change you password.
I have had quite a few occasions where users change their passwords at login when their AD password expires... which knocks their keychain out of sync. This tool may just be the ticket.
One again, many thanks!
Ray
Maybe you are looking for
-
I tried to upgrade to Firefox 5 this morning. Now Firefox 5 won't open. Gives me error message, you have to reboot computer. I did 4 times, but there is no change. In a loop. I tried downloading ver 5 from IE, but still have the same problem. Mark An
-
How is workflow assigned to positions and particular company code / plants
Hi Everyone, We have updated a system with a new company code and corresponding new plants for profit center update. Now, they want the workflow handling of INVOIC, DESADV and ORDRSP to still be maintained. There is an existing workflow for error han
-
Trying to split an event into multiple events and iPhoto has booted me out. Anyone seen this before and know how to resolve
-
Restart init after filling set up tables
hi, I already filled sd billing set up tables and completed a successfull init load. i guess i made a mistake and pulled all conditions data from r/3 at once. now i have the data successfully in psa but the problem is further updating psa data to ods
-
When I click on a movie in Firefox, the sound plays through my Ipevo telephone instead of my external speakers