Configuring TLS Server Certificate Expiry Check

You can configure the TLS Server Certificate Expiry Check feature per TLS Context, whereby the device periodically checks the validation date of installed TLS server certificates. You can also configure the device to send an SNMP alarm (acCertificateExpiryAlarm) at a user-defined number of days before the installed TLS server certificate is to expire. The alarm indicates the TLS Context to which the certificate belongs.

If the device's default self-signed certificate (at TLS Context Index 0 and named "default") is about to expire (less than a day) or has expired, the device automatically re-generates a new self-signed certificate. The configuration described in this section does not apply to this mechanism (occurs regardless).

To configure TLS certificate expiry checks and notification:
1. Open the TLS Contexts table (see Configuring TLS Certificate Contexts).
2. Select the required TLS Context index row, and then click the Change Certificate link located below the table; the Change Certificates page appears.
3. Scroll down the page to the TLS Expiry Settings group:

4. In the 'TLS Expiry Check Start' field, enter the number of days before the installed TLS server certificate is to expire when the device sends an SNMP trap event to notify of this.
5. In the 'TLS Expiry Check Period' field, enter the periodical interval (in days) for checking the TLS server certificate expiry date. By default, the device checks the certificate every 7 days.
6. Click the Submit TLS Expiry Settings button.