Certificate Renewal

Learn about custom Reminder Frequency and Expiration Email notifications for a user or trusted certificate issued in Policy Manager when the certificate is nearing its expiration date or has expired.

Note: This topic relates to certificates only. For information relating to renewal alerts and notifications for other types of certificates, see Managing Certificate Expiration.

Table of Contents

Configuring certificate renewal alerts: Overview

There are several ways that you can configure the platform to send an email notification when a certificate is getting close to the expiration date, including:

  • Configuring the platform to send a notification to a specific user email address
  • Configuring an email group and configuring the platform to send a notification to the email group

Generation of notification emails or alerts relating to upcoming (or current) certificate expiration is associated with the platform's background process, user.certs.expiration.checker.job, which runs daily, and trusted.certs.expiration.checker.job, which runs daily or weekly on any day of the week. This job checks the user and trusted certificates for expiration.

If an alert is generated and it is also bound to one or more email groups, the email is also sent to the email group or groups.

View Certificate Renewal Summary

  1. Log in to Policy Manager.
  2. Go to Configure > Security > Certificates > Certificate Renewal.

    The Certificate Renewal page is displayed, showing the configuration of the currently defined Reminder and Expiration certificate renewal email notifications for user and trusted certificates.

Modify Renewal Notification

Modify a renewal notification for the User certificates

Configure the frequency at which the system will check the user certificates that are expired or close to their expiration dates. This setting also allows to configure message template to use for certificate expiration reminder emails. Reminders will be sent as per configured reminder period.

To modify a renewal notification:

  1. Go to Configure > Security > Certificates > Certificate Renewal. The Certificate Renewal page is displayed.

  2. Click Modify Renewal Notification. The Modify Renewal Notification page is displayed with the current renewal notification configuration.

  3. Define the Reminder Frequency at which the system will check the user certificates that are expired or close to their expiration dates.

    • Remind users of expiration—Use the drop-down to configure the frequency that email reminders will be sent out for both Reminder and Expiration email types. Select from:

      • Once—Specify how many days prior to expiration.

        Setting the reminder period: Once

      • Daily—Specify how many days prior to expiration the reminders start.

        Setting the reminder period: Daily

      • Weekly—Specify how many weeks prior to expiration the reminders start.

        Setting the reminder period: Weekly

    • Generate emails from the following address—The default email address to generate emails is alert_notification@soa.com.

  4. Modify the Reminder Email.

    • Subject—Enter a custom email subject line.
    • Body—Enter the body of the email.
    • Reset—Reset the email configuration back to the Policy Manager default email template.

    Note: You can use variables in the Subject and Body for both Reminder and Expiration email types. The variable names are enclosed in ${}. Supported variables include:

    • ${expiration.date}—Expiration date of the certificate
    • ${user.fullname}—Fullname attribute of the user
    • ${certificate.subject.dn}—Subject Certificate Name of certificate

  5. Modify the Expiration Email.

    • Subject—Enter a custom email subject line.

    • Body—Enter the body of the email.
    • Reset—Reset the email configuration back to the Policy Manager default email template.

  6. Click Apply.

Modify a renewal notification for the Trusted certificates

Configure the frequency at which the system will check the trusted certificates that are expired or close to their expiration dates. Alert notifications will be sent to email group configured on the Trusted certification expiration related alert codes (508004, 508005) with predefined alert email template for the alert. Reminders will be sent as per configured reminder period. Emails will be generated using the "from" email address configured for the installation under com.soa.console property.

To modify a renewal notification:

  1. Go to Configure > Security > Certificates > Certificate Renewal. The Certificate Renewal page is displayed.

  2. Click Modify Renewal Notification. The Modify Renewal Notification page is displayed with the current renewal notification configuration.

  3. Define Reminder Frequency at which the system will check the trusted certificates that are expired or close to their expiration dates. Select from:

    • Daily—Specify how many days prior to expiration the reminders start.

    • Weekly—Specify how many weeks prior to expiration and the day of the week the reminders start.

  4. Click Apply.