How to update an overdue certificate when users access network resources by Certificate Authority

Publication Date: 2012-09-21
Issue Description
Users access network resources by Certificate Authority in a networking setup of VPN Client and USG3000, but the users cannot access the network.
Alarm Information
none
Handling Process
Methods for dealing with the overdue certificate:
1. Update the overdue Certificate Authority (CA) of the device
Run the command system-view to enter the system view.
Run the command pki delete-certificate ca filename ca.cer to delete the Certificate Authority (CA).
Run the command pki import-certificate ca filename ca_new.cer to import the new Certificate Authority (CA).
If it is the root Certificate Authority (CA), update the private key file hostkey.
Reboot the device.
2. Update the overdue local certificate of the device
Run the command system-view to enter the system view.
Run the command pki delete-certificate ca filename usg3000.cer to delete the local certificate.
Run the command pki import-certificate ca filename usg3000_new.cer to import the new local certificate.
Update the private key file serverkey.
3. Update the overdue Certificate Authority (CA) of the client
Open the installation directory of VPNClient (default: C:\Program Files\Huawei\Secoway VPN Client).
Copy the Certificate Authority (CA) files of every level to the Certificate folder.
4. Update the overdue certificate of the client USBKEY
Open the management tool of the USBKEY.
Delete the existing client certificate from the USBKEY.
Import the new client certificate.
Start VPNClient and click the menu "tool>>Usbkey imformation" to open the Usbkey certificate selection interface.
Choose the new client certificate.
----end.
Root Cause
Run the following commands:
<USG3000>more ca_config.ini    Queries the related configuration of the Certificate Authority (CA) and the local certificate.
<USG3000>dis pki certificate filename usg3000.cer    Queries certificate information such as the validity period.
Update the certificate if it is overdue.
Suggestions
Users who use the certification authority should consider whether the certificate is overdue when they suddenly cannot access the network although they could before.
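
The validity check described above can also be done off the device, on copies of the certificate files, before they are imported or after access fails. The script below is an added example and is not part of the original article or of Huawei tooling. It assumes OpenSSL is installed on the administrator's workstation and that the .cer files are X.509 certificates in PEM or DER form; the file names in the usage comment are the ones this article uses.

```shell
#!/bin/sh
# Added example: classify certificate files by remaining validity with OpenSSL.
# Usage (file names as used in this article): ./certcheck.sh ca_new.cer usg3000_new.cer
# WARN_DAYS (default 30) sets how early a certificate is reported as EXPIRING.

# detect_form FILE -> prints the -inform value that parses FILE, returns 1 if none does.
# Older OpenSSL needs the right -inform; newer releases may auto-detect either way.
detect_form() {
    for df_form in PEM DER; do
        if openssl x509 -in "$1" -inform "$df_form" -noout >/dev/null 2>&1; then
            echo "$df_form"
            return 0
        fi
    done
    return 1
}

# cert_status FILE [WARN_DAYS] -> prints EXPIRED, EXPIRING, OK or UNREADABLE
cert_status() {
    cs_form=$(detect_form "$1") || { echo UNREADABLE; return 0; }
    # -checkend N exits non-zero when notAfter falls within the next N seconds
    if ! openssl x509 -in "$1" -inform "$cs_form" -noout -checkend 0 >/dev/null 2>&1; then
        echo EXPIRED
    elif ! openssl x509 -in "$1" -inform "$cs_form" -noout \
            -checkend $(( ${2:-30} * 86400 )) >/dev/null 2>&1; then
        echo EXPIRING
    else
        echo OK
    fi
}

# report FILE... -> one line per file: status, file name, notAfter date
report() {
    for rp_file in "$@"; do
        rp_status=$(cert_status "$rp_file" "${WARN_DAYS:-30}")
        if [ "$rp_status" = UNREADABLE ]; then
            printf '%-11s %s\n' "$rp_status" "$rp_file"
            continue
        fi
        rp_form=$(detect_form "$rp_file")
        printf '%-11s %s (%s)\n' "$rp_status" "$rp_file" \
            "$(openssl x509 -in "$rp_file" -inform "$rp_form" -noout -enddate)"
    done
}

if [ "$#" -gt 0 ]; then
    report "$@"
fi
```

Running it on the replacement files before the import steps confirms that a new certificate is itself still within its validity period.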
