Versions:
Venafi Encryption Director 10, TrustAuthority / TrustForce 14
Summary:
It is possible to customize when your certificate expiration notifications will be sent out if you don’t want the current default expiration notices. Here is an example to modify Director to send you notifications when your certificates are 120 days from expiration.
- Create a new Policy group.
- Change the days for notifications to be 120 days.
- All certificates under that policy object will follow the policy.
- Configure your notification rule.
More Information:
Part 1
Make sure events are logged when certificates are going to expire in 120 days
1) Make sure all certificates are under the same policy
2) Click on the Policy Object in web Admin
3) Go to the Settings Tab => Monitoring Tab
4) Under the line item "Certificate", change the drop down value to "Set Here" in the Policy Column near "Expiration Start"
5) You can now change the number from whatever it is (30 by default, but you might have it set to 90) and change it to 120
Part 2
Configure Notification Rule so that certificate and Application contacts are notified when expiration events are logged
1) Go to the Logging tree and go to your "Notification Rules"
2) Create a new rule and call it "Certificate Expiring in 120 days"
3) Create the conditions of
If Event ID matches "Certificate Monitor - Certificate Expiration Notice"
AND Value 1 matches 120
4) Target Channels should be "Email to Owner" and "Email to Consumer" (If these channels don't exist, then look at the channels that your 90 day rule are using and match it.
That is it; those certificates that are within the policy will receive emails when they are going to expire in 120 days.
Comments