WebSphere Application Server Network Deployment, Version 6.1
             Operating Systems: AIX, HP-UX, i5/OS, Linux, Solaris, Windows, z/OS

             Personalize the table of contents and search results

Manage certificate expiration settings

Use this page to configure the certificate expiration monitor.

To view this administrative console page, click Security > SSL certificate and key management > Manage certificate expiration.

Attention: To see the changes to the Expiration checking fields, you must click Apply.
Start now

Configuration tab

Expiration notification threshold

Specifies the period of time that occurs chronologically just before the expiration day of the certificate, within which, if the ExpirationMonitor thread runs, and Automatically replace expiring self-signed certificates is enabled, a new self-signed certificate is generated. By default, the replacement period for the certificate is 60 days in length or less as defined in the daysBeforeNotification property.

There is a pre-notification period where the certificate is added to the notification list but not touched for 90 days prior to the 60 days. By default, this pre-notification period is 90 days in length as defined in the com.ibm.ws.security.expirationMonitorNotificationPeriod property.

Data type: Integer
Default: 60 days or less
Expiration check notification

Specifies the notification type (such as e-mail or System Out) when an expiration monitor runs.

Default:  
Automatically replace expiring self-signed certificates

Specifies a new self-signed certificate be generated using the same certificate information if the expiration notification threshold is reached. The old certificate is replaced and uses the same alias. All old signers are managed by the key store configuration are also replaced. The system only replaces self-signed certificates.

[z/OS] Note: This checkbox is only applicable when using file based keystores. If you are storing certificates in RACF, selecting the checkbox will do nothing.
Default: Enabled
Delete expiring certificates and signers after replacement

Specifies whether to completely remove old, self-signed certificates from the key store during a replace operation or leave them there under a renamed alias. If an old certificate is not deleted, the system renames the alias so that the new certificate can use the old alias, which might be referenced elsewhere in the configuration.

[z/OS] Note: This checkbox is only applicable when using file based keystores. If you are storing certificates in RACF, selecting the checkbox will do nothing.
Default: Enabled
Enable checking

Specifies the certificate monitor is active and will run as scheduled.

Scheduled time of day to check for expired certificates

Specifies the scheduled time that the system checks for expired certificates.

You can type the scheduled time in hours and minutes, specify either A.M. or P.M., or 24-hour.

Data type Integer
Default: 0, 0
Range: 1–12, 0–59
Check by calendar

Indicates that you want to schedule a specific day of the week on which the expiration monitor runs. For example, it might run on Sunday.

Default: Disabled
Weekday

Specifies the day of the week on which the expiration monitor runs if Check on a specific day is selected.

Default: Sunday
Range: Sunday, Monday, Tuesday, Wednesday, Thursday, Friday, Saturday
Repeat interval

Specifies the period of time between each schedule time to check for expired certificates or the interval between schedule checks.

Default: Daily
Range: Daily, Weekly
Check by number of days

Specifies that you want to schedule a specific number of days between each run of the expiration monitor. The day of the week on which this occurs is not counted. For example, if you set the interval to check for expired certificates every seven days, the expiration monitor runs on day eight.

Default: Disabled
Next start date

Specifies the date for the next scheduled check. This allows the deployment manager to be stopped and restarted without resetting the date.




Related tasks
Creating a Secure Sockets Layer configuration
Related reference
SSL certificate and key management
Manage endpoint security configurations
Notifications
Reference topic    

Terms of Use | Feedback

Last updated: Feb 25, 2009 9:32:38 AM CST
http://publib.boulder.ibm.com/infocenter/wasinfo/v6r1/index.jsp?topic=/com.ibm.websphere.nd.multiplatform.doc/info/ae/ae/usec_sslmancertexpir.html