Configuring TLS Server Certificate Expiry Check
You can configure the device to periodically check the validation date of installed TLS server certificates of TLS Contexts (configured in Configuring TLS Certificate Contexts). You can also configure the device to send an SNMP alarm (acCertificateExpiryAlarm) at a user-defined number of days before the installed TLS server certificate is to expire. The alarm indicates the TLS Context to which the certificate belongs.
|
●
|
When a TLS certificate expires, services using the certificate may be discontinued (depending on the remote side's security configuration). Therefore, best practice is to replace (renew) the certificate as soon as possible with a valid certificate. |
|
●
|
This feature applies to all TLS Contexts. |
|
➢
|
To configure TLS certificate expiry checks and notification: |
|
1.
|
Open the Security Settings page (Setup menu > IP Network tab > Security folder > Security Settings). |
|
2.
|
In the 'TLS Expiry Check Start' field, enter the number of days before the installed TLS server certificate is to expire when the device sends an SNMP trap event to notify of this. |
|
3.
|
In the 'TLS Expiry Check Period' field, enter the periodical interval (in days) for checking the TLS server certificate expiry date. By default, the device checks the certificate every 7 days. |
