Applies to:
Venafi Encryption Director 6.1: Certificate Manager (below)
All versions of Trust Protection Platform
How to create Expiration events and Escalation events before the default 30 and 15 days from certificate expiration in Trust Protection Platform
Symptom:
Custom notification rules are not being triggered if set for more than 30 days for Expiration and more than 15 days for Expiration Escalation.
Cause:
In order for a notification to be sent to a channel there must first be an event that is created by the Venafi engine. By default Expiration events are created at 30 days from expiration and Expiration Escalation events are created at 15 days from expiration.
Symptom:
Because of the default settings if a custom notification is built, using the default Expiration and Expiration Escalation templates, and the value is set higher than 30 (for Expiration) or 15 (for Escalation) there will not be any notification produced.
Resolution:
WebAdmin Instructions:
- Select the Root Policy object.
- Click Settings > Monitoring.
- Change the value for Expiration or Escalation to the desired number of days you would like to get notifications from certificate expiration.
Note: You can also change the interval you want the events to be created, by default there will be an event created every day.
Note: There can be customization for each type of certificate as well. Most certificates that will be on appliances and web servers will be Server Certificates.
Venafi Encryption Director 6.1: Certificate Manager instructions
Symptom:
The following default notification rules are not being triggered.
Certificate Expiring in 45 Days
Certificate Expiring in 90 Days
Cause:
Once an event is logged to the Default SQL Channel, the Log Server determines if the event matches the criteria of any notification rule. If there is a match, the Log Server forwards the event to the appropriate channels. In this case the event is not even being logged to the Default SQL Channel because the Expiration Start Value is set to 30 days and needs to be set to 90 days in order for the event to be logged.
Resolution:
WebAdmin Instructions:
- Select to the top of the Policy Tree.
- Click Settings > Monitoring.
- Change the value for Certificate Expiration Start to 90 days (See screenshot below).
Comments