cancel
Showing results for 
Search instead for 
Did you mean: 

expired CAs on MAG,PCS

Highlighted
New Contributor

expired CAs on MAG,PCS

Hello,

I have an issue with expired Trusted Server CAs certificates on a MAG-4610 cluster (ver 8.2R4.1). If I login to the admin web frontend and go to "System > Configuration > Certificates > Certificates Validity Check" and "Check Now" I get a list of expired (or expired in the near future) certificates. The certificates are listed as "Trusted Server CA".
Here are two examples

Certificates Certificate Type Expiry Date

CA Disig Trusted Server CA Tue 2016-03-22 01:39:34 GMT
Juur-SK Trusted Server CA Fri 2016-08-26 14:23:01 GMT

If I navigate to "... Certificates > Trusted Server CAs" and click on "Show only expired CAs" the expired certificates are NOT displayed. Under the "Search" menu I can type "name parts" of the expired certificates but there they are also not displayed the expired certificates.
What is the right way to delete these expired certificates (the expired certificate are really existing in the store, I see they if I export the certificate configuration to a XML file)?

Many thanks for hints
Tags (1)
3 REPLIES 3
Highlighted
Moderator

Re: expired CAs on MAG,PCS

The certificates are in the base configuration. The deletion removes them from being processed and from display (or is supposed to); however, they are present in case the system needs to be restored to defaults for some reason. For the deletion, you are making the correct action by choosing the certificate and then delete.
This should be fixed in 8.2R5.1; do you have a test system you can confirm? Unfortunately, it is also possible that you have found something we haven't come across yet.
New Contributor

Re: expired CAs on MAG,PCS

Hello,

a MAG as test machine - sorry, but I don't have this. I tried it on the DTE version (8.2R4.1) and I can reproduce the same error. After an upgrade to the 8.2R5.0 --> 8.2R5.1 it looks like the error is removed. I hope I see this behavior if I upgrade the productive MAG devices later.

Many thanks
Highlighted
Moderator

Re: expired CAs on MAG,PCS

Thank you for confirming.
Yes, it should be resolved on the MAG system once upgraded as the same software is used on both the physical & virtual appliances.