You are viewing an old version of this page. View the current version.
Compare with Current
View Page History
Version 1
Current »
The certExpiryCheck
feature checks for expired certificates, trust anchor validity, and if certificates have been revoked if OSCP is enabled. The following Certificate Expiry Check parameters are configurable:
- The re-check rate parameter,
certReCheckRate
, is configurable from every 8 hours up to every 30 days in increments of 1 hour. The default value is once per 24 hour period.
The expiration periodic warning parameter, expirationPeriodicWarning
, is configurable between 3 to 14 days, and represents the frequency for sending periodic warning reminders once the expiryWarningThreshold
has been met. The default value is 7 days. Select 'disable' to turn off this feature.
- The expiry warning threshold parameter,
expiryWarningThreshold
, is configurable between 30 to 90 days, and represents the number of days prior to a certificate expiration date on which to generate an expiry warning message. The default value is 60 days. Select 'disable' to turn off this feature.
Upon failure of any one of the checks, the
Unable to show "metadata-from": No such page "_space_variables"
terminates the TLS session and logs a MAJOR level event (
sonusSbxFailedCertificateReCheck - MAJOR) to alert the user. The one exception will be if OSCP is enabled but
Unable to show "metadata-from": No such page "_space_variables"
does not receive revocation status of successful.good or successful.revoked, the corresponding TLS session continues for SIP/TLS.
Command Syntax
% set system security certExpiryCheck
certReCheckRate <8-720 hours>
expirationPeriodicWarning <3-14 days>
expiryWarningThreshold <30-90 days>
% show system security certExpiryCheck
Command Parameters
Certificate Expiry Check Parameters
Parameter | Length/Range | Description |
---|
certReCheckRate | disable, or 8-720 hours (in increments of 1 hour) | The interval, in hours, for Unable to show "metadata-from": No such page "_space_variables" to re-check certificates. Select 'disable' to turn off this feature. (default = 24) |
expirationPeriodicWarning | disable, or 3-14 days (in increments of 1 day) | The frequency, in days, for sending periodic warning reminders once the expiryWarningThreshold has been met. Select 'disable' to turn off this feature. (default = 7) |
expiryWarningThreshold
| disable, or 30-90 days (in increments of 1 day) | The number of days prior to a certificate expiration date on which to generate an expiry warning message. Select 'disable' to turn off this feature. (default = 60) |