Info: How to Filter duplicate certs created during discovery (19.x) from daily evaluation

Applies To:

19.1, 19.2, 19.3, 19.4

(NOTE: 20.1 removed the feature so it's no longer relevant)

Problem

Because of a product change in 19.x, duplicates of a certificate are being created in the WebAdmin console.  This is documented in detail here:

https://support.venafi.com/hc/en-us/articles/360032287372-Issue-Network-Discovery-Is-Placing-Duplicate-Certificate-Objects-And-Appending-Numbers-To-The-End-Of-Them

The screen shot attached here shows the problem (from the other KB):

hyphens.png

The certs with the - xxxxx are the duplicates, and this feature is working as designed.  During nightly evaluations looking for expired certificates, these are found and notifications go out to indicate they are expiring, even though there is another certificate right next to them which is renewed.

The problem, then, is how to avoid notifications for certs that are essentially historical, where the cert has already been renewed.

Solution

Officially, the solution is to upgrade to 20.1 or above to remove the duplicates being created.

Possible Alternative

It may also be possible to create a filter in the Notification Rule that excludes any cert with a "- " in it.  This only works as long as your policies and certs do not already contain a hyphen in their normal naming convention.  The addition to the Filter looks like this:

NOT -> Component -> Contains -> ' - '

not.png

NOTE: This may also filter other items, so be careful to monitor YOUR environment to be sure the rule works.
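
One way to act on this note before enabling the rule is to run an exported list of object DNs through a small audit. This is an added example, not part of the original article or Venafi's own tooling. It assumes that "Contains" is a plain substring match on the DN and that discovery duplicates end in " - " followed by digits; the names audit_filter and SAMPLE_DNS and the DNs themselves are constructed for illustration.

```python
import re

# Assumption: the rule's "Contains" test is a plain substring match on the DN.
FILTER_TOKEN = " - "
# Assumption: discovery duplicates are the original name plus " - <digits>".
DUP_SUFFIX = re.compile(r"^(?P<base>.+) - \d+$")

# Constructed sample DNs, standing in for an export from your own environment.
SAMPLE_DNS = [
    r"\VED\Policy\Certificates\www.example.com",
    r"\VED\Policy\Certificates\www.example.com - 1",
    r"\VED\Policy\Certificates\www.example.com - 2",
    r"\VED\Policy\Certificates\api.example.com - 1",
    r"\VED\Policy\Web - Prod\shop.example.com",
    r"\VED\Policy\Certificates\mail.example.com",
]


def audit_filter(dns):
    """Sort DNs by what NOT -> Component -> Contains -> ' - ' would do to them."""
    known = set(dns)
    report = {"kept": [], "duplicate": [], "orphan": [], "collateral": []}
    for dn in dns:
        if FILTER_TOKEN not in dn:
            report["kept"].append(dn)        # still evaluated, still notifies
            continue
        match = DUP_SUFFIX.match(dn)
        if match is None:
            # Hyphen comes from normal naming (policy folder or cert name),
            # so the rule would silence a cert that is not a duplicate.
            report["collateral"].append(dn)
        elif match.group("base") in known:
            report["duplicate"].append(dn)   # un-suffixed sibling exists
        else:
            # Looks like a duplicate, but no un-suffixed sibling was found;
            # suppressing it may hide the only copy of that cert.
            report["orphan"].append(dn)
    return report


if __name__ == "__main__":
    for bucket, items in audit_filter(SAMPLE_DNS).items():
        print(f"{bucket}: {len(items)}")
        for dn in items:
            print("    " + dn)
```

Anything reported under "collateral" or "orphan" would stop generating expiry notifications once the rule is active, so review those entries by hand first.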