Checking the Validity of the Certificate for the SSL Connection Between a GNE and NMS

If the certificate for the SSL connection between a GNE and NMS expires, you need to bind a new SSL policy to DCN.

Context

DCN allows an SSL connection to be established between a GNE and the NMS. The SSL connection has a valid period, and its validity is controlled through a certificate in a security policy that is applied to this connection. If the certificate expires, the SSL connection becomes invalid, and the NMS fails to manage devices through the GNE. Therefore, you need to check whether the certificate expires.

Procedure

  1. Run the display ssl policy [ policy-name ] command in any view to check the configuration of the SSL policy configured in the system.
  2. If the SSL policy has expired, check whether the certificate specified in the policy is still valid. For details, see Checking Security Risks.
  3. If the certificate has expired, run the bind ssl-policy ssl-policy-name command in the DCN view to bind a new SSL policy to DCN.

Example

Run the display ssl policy command to view the configuration of the SSL policy configured in the system.

<HUAWEI> display ssl policy
2018-10-12 03:55:37.303 

       SSL Policy Name: dcn_qx_ssl_policy
     Policy Applicants: QX 
         Key-pair Type: RSA
 Certificate File Type: PEM
      Certificate Type: certificate
  Certificate Filename: server_nm.pem
     Key-file Filename: key_m.pem
             Auth-code: ******
                   MAC:
           Issuer name: Huawei Technologies
          Subject name: server
   Validity Not Before: 2012-05-24 12:29:46Z
    Validity Not After: 2037-01-13 12:29:46Z
              CRL File:
       Trusted-CA File:
     Trusted-CA File 1: Format = PEM, Filename = trust.cer
Parent Topic: Management Plane
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >