Certificate Expired

Description

Signaled when the device has a certificate that has expired. The device can no longer communicate with any entity that performs Certificate Authentication until the Certificate has been replaced with a new Valid Certificate.

Pre-Conditions(s)

• This alarm only occurs if non default certificates have been loaded onto either the ESU or ONTs.
• Only certificate admin users have rights to manage certificates. Any user can view certificate status.

Trouble Clearing

The probable causes of this alarm are: 

• ESU Certificate Expired: The command:

  ne security key edit terminal pkcs12

  This command can be used to update the ESU certificate to a new certificate. The existing device certificate for the ESU is replaced by the certificate entered. The certificate content can be pasted into the terminal window to be accepted by the ESU. The certificate is permanently stored on the ESU. The file must include all required trust anchor certificates necessary to validate peer certificates.

• ONT Certificate Expired: In addition to the alarm shown on the EMS alarms display, the ONT certificate status can be seen on the Certificate Status tab of the ONT Properties display. The ValidFrom / ValidTo dates give the valid date range of the certificate. If the certificate is Expired, it can be replaced by using the ONT Security Tab. The EMS downloads the certificate specified to the ONT and permanently stores it in the non-volatile memory of ONT. After downloading the new certificate, the Certificate Status tab can be used to view the newly downloaded certificate. It takes 10-15 seconds for the certificate to be downloaded and installed.

  Note: Access to the certificate status is only available on the 729GP and it will only appear if you are logged in as certificate Admin.