
Issue: Certificate Notification not working over 30 days

Applies to:

Venafi Encryption Director 6.1: Certificate Manager (below)

All versions of Trust Protection Platform

 

How to create Expiration events and Escalation events before the default 30 and 15 days from certificate expiration in Trust Protection Platform

Symptom:

Custom notification rules are not being triggered if set for more than 30 days for Expiration and more than 15 days for Expiration Escalation.

Cause:

For a notification to be sent to a channel, the Venafi engine must first create an event. By default, Expiration events are created at 30 days from expiration and Expiration Escalation events are created at 15 days from expiration.

Symptom:

Because of these default settings, a custom notification built from the default Expiration and Expiration Escalation templates will not produce any notification if its value is set higher than 30 (for Expiration) or 15 (for Escalation).

Resolution:

WebAdmin Instructions:

  1. Select the Root Policy object. 
  2. Click Settings > Monitoring.
  3. Change the value for Expiration or Escalation to the number of days before certificate expiration at which you want notifications to begin.

    Days_events_start_before_expiration.png

Note: You can also change the interval at which events are created. By default, an event is created every day.

Note: These values can also be customized for each type of certificate. Most certificates on appliances and web servers will be Server Certificates.

 

 

Venafi Encryption Director 6.1: Certificate Manager instructions

Symptom:

The following default notification rules are not being triggered.

Certificate Expiring in 45 Days

Certificate Expiring in 90 Days

Cause:

Once an event is logged to the Default SQL Channel, the Log Server determines whether the event matches the criteria of any notification rule. If there is a match, the Log Server forwards the event to the appropriate channels. In this case, the event is not even being logged to the Default SQL Channel, because the Expiration Start Value is set to 30 days and needs to be set to 90 days in order for the event to be logged.

Resolution:

WebAdmin Instructions:

  1. Select the top of the Policy Tree.
  2. Click Settings > Monitoring.
  3. Change the value for Certificate Expiration Start to 90 days (see screenshot below).


Screen_Shot_2012-09-24_at_12.50.05_PM.png

 
