Set certificate expiration monitoring

To configure certificate expiration monitoring, go to...

Security | SSL certificate and key management | Manage certificate expiration

...and set...

Expiration notification threshold WAS issues an expiration warning n number of days before expiration.
Expiration check notification Select the method from the list to use to receive the notification.
Automatically replace expiring self-signed certificates If we do not want to recreate the self-signed certificate, clear the check box.

When using writable System Authorization Facility (SAF) keyrings in the configuration, the certificate expiration monitor does not replace expired certificates in the writable SAF keyrings, but only provides a notification of the expiration.

Delete expiring certificates and signers after replacement If we do not want to delete the expired certificates and signers, clear the check box.
Enable checking If we do not want to have certificate monitoring enabled, clear the check box.
Schedule the running of the certificate expiration monitor.

Check by calendar For Weekday, enter the day of week to run the certificate expiration monitor. For Repeat Interval, specify the frequency to run the certificate monitor.
Check by number of days Enter a number for how frequently the monitor runs, in number of days.

A certificate expiration monitor object and a schedule are set up in the configuration.

We can generate reports that state which certificates have expired. The reports identify the notifications of certificate replacements and deletions.


Related concepts

Manage certificate expiration settings
Notifications settings
Certificate management in SSL