Renew Default SSL certificate on WS-8-150-DC switch

[balachandar_manoharan]

Hello there! I am new to managing Netonix switches. I have a situation where the default SSL certificate on my Netonix switch is about to expire end of December 2023. Is there a way in which the certificate can be renewed beforehand or will it renew automatically after the current expiry date.

Any advise in this regard is much appreciated. Thanks in advance.

A

[sirhc]

The certificates are generated by the service running on the switch for the session. I don't recall if the certificate remains in browser cache and is used until it expirer, the cache is cleared, or the switch is rebooted.

When it expires if your session is active you would at most have to refresh the page, possibly log back in.

Either way its not an issue.

[balachandar_manoharan]

The certificates are generated by the service running on the switch for the session. I don't recall if the certificate remains in browser cache and is used until it expirer, the cache is cleared, or the switch is rebooted.

When it expires if your session is active you would at most have to refresh the page, possibly log back in.

Either way its not an issue.

Hi Sirhc,

Thanks for your response. So, I assume the cert will be renewed automatically post the mentioned expiry date. Else, I would need to reboot the switch or clear the browser cache. Is that correct? I have herewith attached the screenshot of the certificate details as seen from the browser.

Kindly confirm if my understanding is correct. I was wondering if there would be a way to delete the existing certificate and generate a new default certificate on the switch. Is that feasible?


Tks,

Bala

[sirhc]

We looked into this and there are no adverse effects from this.

But again DO NOT WORRY nothing bad is going to happen, this is not another Y2K type issue and no action is required of you.

As a short description pretend you have an online store and you purchase a real certificate for the site and you forget to renew it and it expires. Suddenly people start calling you that your site is reporting an invalid certificate and they are nervous to enter their credit card info. They were notified of the expired or invalid certificate as soon as they went to your site and they had to click advanced and proceed to site anyway.

Oh wait that happens anyway with our switch UI anyway....

So come January 1, 2024 your switch certificate will expire which is no big deal and will continue to work and there is no security issue encryption is still happening as it always did.

Anyway switches that came with firmware version 1.5.5 or higher and manufactured after January 2019 the certificate expiration date should expire January 1, 2029

If you really wanted too but will do nothing better or act any differently you can do this procedure:
- make sure your software is updated to latest version
- login via console cable, SSH, or console via UI
- drop to linux shell
- rm /etc/config/lighttpd.pem
- reboot switch whichever method you chose

The switch will take an extra 20-30 seconds to boot as it generates a NEW certificate that will not expire until January 1, 2029. That date is in there as that is the last time we changed it when compiling a new version.

BUT AGAIN THIS IS OPTIONAL AS IT MAKES NOT DIFFERENCE.

Were are changing the hardcode date in the firmware in the next version that the certificate generation would expire January 1, 2034.

I hope this helps.