Page History
The certExpiryCheck feature checks for expired certificates, trust anchor validity, and if certificates have been revoked if OSCP is enabled. The following Certificate Expiry Check parameters are configurable:
- The re-check rate parameter,
certReCheckRate, is configurable from every 8 hours up to every 30 days in increments of 1 hour. The default value is once per 24-hour period. The expiration periodic warning parameter,
expirationPeriodicWarning, is configurable between 3 to 14 days , and represents the frequency for sending periodic warning reminders once theexpiryWarningThresholdhas been met. The default value is 7 days. Select 'disable' to turn off this feature.- The expiry warning threshold parameter,
expiryWarningThreshold, is configurable between 30 to 90 days , and represents the number of days prior to a certificate expiration date on which to generate an expiry warning message. The default value is 60 days. Select 'disable' to turn off this feature.
...
| Code Block | ||
|---|---|---|
| ||
% set system security certExpiryCheck
certReCheckRate <8-720 hours>
expirationPeriodicWarning <3-14 days>
expiryWarningThreshold <30-90 days>
% show system security certExpiryCheck |
Command Parameters
...
...
| Parameter | Length/Range | Description | ||||
|---|---|---|---|---|---|---|
certReCheckRate | disable, or 8-720 hours | The interval, in hours, for
| ||||
expirationPeriodicWarning | disable, or 3-14 days (in increments of 1 day) | The frequency, in days, for sending periodic warning reminders once the | ||||
| disable, or 30-90 days | The number of days |
...
| before a certificate expiration date on which to generate an expiry warning message. Select 'disable' to turn off this feature. (default = 60) |
...
Overview
Content Tools