Hello there! I am new to managing Netonix switches. I have a situation where the default SSL certificate on my Netonix switch is about to expire end of December 2023. Is there a way in which the certificate can be renewed beforehand or will it renew automatically after the current expiry date.
Any advise in this regard is much appreciated. Thanks in advance.
A
Renew Default SSL certificate on WS-8-150-DC switch
- balachandar_manoharan
- Member
- Posts: 2
- Joined: Sun Dec 03, 2023 7:05 pm
- Has thanked: 0 time
- Been thanked: 0 time
-
sirhc - Employee
- Posts: 7414
- Joined: Tue Apr 08, 2014 3:48 pm
- Location: Lancaster, PA
- Has thanked: 1608 times
- Been thanked: 1325 times
Re: Renew Default SSL certificate on WS-8-150-DC switch
The certificates are generated by the service running on the switch for the session. I don't recall if the certificate remains in browser cache and is used until it expirer, the cache is cleared, or the switch is rebooted.
When it expires if your session is active you would at most have to refresh the page, possibly log back in.
Either way its not an issue.
When it expires if your session is active you would at most have to refresh the page, possibly log back in.
Either way its not an issue.
Support is handled on the Forums not in Emails and PMs.
Before you ask a question use the Search function to see it has been answered before.
To do an Advanced Search click the magnifying glass in the Search Box.
To upload pictures click the Upload attachment link below the BLUE SUBMIT BUTTON.
Before you ask a question use the Search function to see it has been answered before.
To do an Advanced Search click the magnifying glass in the Search Box.
To upload pictures click the Upload attachment link below the BLUE SUBMIT BUTTON.
- balachandar_manoharan
- Member
- Posts: 2
- Joined: Sun Dec 03, 2023 7:05 pm
- Has thanked: 0 time
- Been thanked: 0 time
Re: Renew Default SSL certificate on WS-8-150-DC switch
sirhc wrote:The certificates are generated by the service running on the switch for the session. I don't recall if the certificate remains in browser cache and is used until it expirer, the cache is cleared, or the switch is rebooted.
When it expires if your session is active you would at most have to refresh the page, possibly log back in.
Either way its not an issue.
Hi Sirhc,
Thanks for your response. So, I assume the cert will be renewed automatically post the mentioned expiry date. Else, I would need to reboot the switch or clear the browser cache. Is that correct? I have herewith attached the screenshot of the certificate details as seen from the browser.
Kindly confirm if my understanding is correct. I was wondering if there would be a way to delete the existing certificate and generate a new default certificate on the switch. Is that feasible?
Tks,
Bala
-
sirhc - Employee
- Posts: 7414
- Joined: Tue Apr 08, 2014 3:48 pm
- Location: Lancaster, PA
- Has thanked: 1608 times
- Been thanked: 1325 times
Re: Renew Default SSL certificate on WS-8-150-DC switch
We looked into this and there are no adverse effects from this.
But again DO NOT WORRY nothing bad is going to happen, this is not another Y2K type issue and no action is required of you.
As a short description pretend you have an online store and you purchase a real certificate for the site and you forget to renew it and it expires. Suddenly people start calling you that your site is reporting an invalid certificate and they are nervous to enter their credit card info. They were notified of the expired or invalid certificate as soon as they went to your site and they had to click advanced and proceed to site anyway.
Oh wait that happens anyway with our switch UI anyway....
So come January 1, 2024 your switch certificate will expire which is no big deal and will continue to work and there is no security issue encryption is still happening as it always did.
Anyway switches that came with firmware version 1.5.5 or higher and manufactured after January 2019 the certificate expiration date should expire January 1, 2029
If you really wanted too but will do nothing better or act any differently you can do this procedure:
- make sure your software is updated to latest version
- login via console cable, SSH, or console via UI
- drop to linux shell
- rm /etc/config/lighttpd.pem
- reboot switch whichever method you chose
The switch will take an extra 20-30 seconds to boot as it generates a NEW certificate that will not expire until January 1, 2029. That date is in there as that is the last time we changed it when compiling a new version.
BUT AGAIN THIS IS OPTIONAL AS IT MAKES NOT DIFFERENCE.
Were are changing the hardcode date in the firmware in the next version that the certificate generation would expire January 1, 2034.
I hope this helps.
But again DO NOT WORRY nothing bad is going to happen, this is not another Y2K type issue and no action is required of you.
As a short description pretend you have an online store and you purchase a real certificate for the site and you forget to renew it and it expires. Suddenly people start calling you that your site is reporting an invalid certificate and they are nervous to enter their credit card info. They were notified of the expired or invalid certificate as soon as they went to your site and they had to click advanced and proceed to site anyway.
Oh wait that happens anyway with our switch UI anyway....
So come January 1, 2024 your switch certificate will expire which is no big deal and will continue to work and there is no security issue encryption is still happening as it always did.
Anyway switches that came with firmware version 1.5.5 or higher and manufactured after January 2019 the certificate expiration date should expire January 1, 2029
If you really wanted too but will do nothing better or act any differently you can do this procedure:
- make sure your software is updated to latest version
- login via console cable, SSH, or console via UI
- drop to linux shell
- rm /etc/config/lighttpd.pem
- reboot switch whichever method you chose
The switch will take an extra 20-30 seconds to boot as it generates a NEW certificate that will not expire until January 1, 2029. That date is in there as that is the last time we changed it when compiling a new version.
BUT AGAIN THIS IS OPTIONAL AS IT MAKES NOT DIFFERENCE.
Were are changing the hardcode date in the firmware in the next version that the certificate generation would expire January 1, 2034.
I hope this helps.
Support is handled on the Forums not in Emails and PMs.
Before you ask a question use the Search function to see it has been answered before.
To do an Advanced Search click the magnifying glass in the Search Box.
To upload pictures click the Upload attachment link below the BLUE SUBMIT BUTTON.
Before you ask a question use the Search function to see it has been answered before.
To do an Advanced Search click the magnifying glass in the Search Box.
To upload pictures click the Upload attachment link below the BLUE SUBMIT BUTTON.
4 posts
Page 1 of 1
Who is online
Users browsing this forum: No registered users and 9 guests