cert-renewal-timeout

Configures a certificate renewal timeout in days. This is the number of days, before the expiration of the device‘s certificate, that a certificate renewal is triggered.

The expiration of device‘s certificate is checked once a day. When a certificate is about to expire a certificate renewal is initiated with the dedicated CMP CA server resource through an existing IPSec tunnel. If the tunnel is not established, the CMP renewal request is not sent. If a renewal succeeds the newly obtained certificate overwrites an existing certificate. If the renewal fails, an error is logged.

Supported on the following devices:

Access Points: AP5010, AP310i/e, AP410i/e, AP505i, AP510i, AP510e, AP560i, AP6522, AP6562, AP7161, AP7502, AP7522, AP7532, AP7562, AP7602, AP7612, AP7622, AP763, AP7662, AP8163, AP8543, AP8533.
Service Platforms: NX5500, NX7500, NX9500, NX9600
Virtual Platforms: CX9000, VX9000

Syntax

cert-renewal-timeout <1-60>

Parameters

cert-renewal-timeout <1-60>


cert-renewal-timeout <1-60>	Configures the certificate renewal timeout in days. This is the number of days, before the expiration of the device‘s certificate, that a certificate renewal is triggered. Once the configured time is completed, the device triggers a certificate renewal request. <1-60> – Specify a value from 1 - 60 days. The default is fourteen (14) days. Therefore, by default a device triggers certificate renewal request 14 days before its certificate expires.

Examples

ap6522-D8273A(config-cmp-policy-CMP)#cert-renewal-timeout 60

ap6522-D8273A(config-cmp-policy-CMP)#show context
crypto-cmp-policy CMP
 cert-renewal-timeout 60
 ca-server primary host 192.168.8.74 port 8 path cmp
ap6522-D8273A(config-cmp-policy-CMP)#

Related Commands


no	Reverts the certificate renewal timeout to default (14 days)