SSL CERTIFICATE EXPIRATION MONITORING
WebSphere Application Server includes a built-in utility that monitors SSL certificates that are nearing expiration. You can also request certificate monitoring on demand and configure options for deleting expired certificates and recreating certificates.
Note: The certificate expiration monitor does not handle replacing client self-signed certificates and is not capable of sending the new signer certificate needed for trust. If the client is a web server plug-in, it will not be able to securely communicate with the application server after self-signed certificate replacement. This task has to be done manually by exporting the certificate into the plug-in key store.
To enable the certificate expiration monitor, complete the steps below.
- From the administrative console, click Security > SSL certificate and key management > Manage certificate expiration.
- Type the number of days in the Expiration notification threshold field. WebSphere Application Server issues an expiration warning 'n' days before expiration.
- Select or check one or more of the following options:
Expiration check notification.
Select the method from the list that you want to use to receive your notification. You can select either message log or email. To configure notification by email, valid SMTP server details and an email ID are required.
Automatically replace expiring self-signed certificates.
If you do not want to recreate the self-signed certificate, clear the check box.
Delete expiring certificates and signers after replacement.
If you do not want to delete the expired certificates and signers, clear the check box.
Enable checking.
If you do not want to have certificate monitoring enabled, clear the check box.
To schedule the certificate expiration monitor, enter the time of day when you want certificate monitoring to take place.
Select one of the following options:
Check by calendar. For Weekday, enter the day of week that you want to run the certificate expiration monitor. For Repeat Interval, specify the frequency to run the certificate monitor.
Check by number of days. Enter a number for how frequently the monitor runs, in number of days.
Type the number of days before the threshold date in which the certificate monitor warns that a certificate is about to be replaced. When a certificate is within the expiration threshold, and automatic replacement is enabled, certificates are replaced. This value specifies the time period before the threshold when warnings are issued by the certificate monitor concerning upcoming replacement dates.
Click Apply.
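
The timeline that these settings define (an expiration threshold, preceded by an earlier warning window) can be modelled as follows. This is an added Python example, not IBM's implementation or code from the original page; the aliases, dates, the 60-day and 30-day values and the function names are constructed for illustration, and treating an already expired certificate like one inside the threshold is an assumption.

```python
import ssl
from datetime import datetime, timedelta, timezone

def classify(not_after, now, threshold_days, pre_notify_days):
    """Place one certificate on the monitor timeline described above."""
    remaining = not_after - now
    if remaining <= timedelta(0):
        return "EXPIRED"
    if remaining <= timedelta(days=threshold_days):
        return "WITHIN_THRESHOLD"
    if remaining <= timedelta(days=threshold_days + pre_notify_days):
        return "PRE_NOTIFICATION"
    return "OK"

def review(certs, now, threshold_days, pre_notify_days, auto_replace):
    """Return {alias: (state, [actions])} for (alias, notAfter, self_signed) rows."""
    report = {}
    for alias, not_after_text, self_signed in certs:
        # notAfter is given in the textual form used by X.509 tooling output.
        seconds = ssl.cert_time_to_seconds(not_after_text)
        not_after = datetime.fromtimestamp(seconds, tz=timezone.utc)
        state = classify(not_after, now, threshold_days, pre_notify_days)
        actions = []
        if state == "PRE_NOTIFICATION":
            actions.append("warn: replacement date is approaching")
        elif state in ("WITHIN_THRESHOLD", "EXPIRED"):
            # Assumption: an expired certificate is handled like one inside the threshold.
            if self_signed and auto_replace:
                actions.append("replace self-signed certificate")
                # Per the note above, the plug-in does not receive the new signer.
                actions.append("manual: export new signer to the plug-in key store")
            else:
                actions.append("notify: renew or replace manually")
        report[alias] = (state, actions)
    return report

# Constructed sample data: aliases and dates are invented for illustration.
SAMPLE_CERTS = [
    ("default", "Feb 15 00:00:00 2025 GMT", True),
    ("partner-ca-signed", "Mar 20 00:00:00 2025 GMT", False),
    ("long-lived", "Dec 31 00:00:00 2026 GMT", True),
    ("retired", "Dec  1 00:00:00 2024 GMT", False),
]
NOW = datetime(2025, 1, 1, tzinfo=timezone.utc)

if __name__ == "__main__":
    for alias, (state, actions) in review(SAMPLE_CERTS, NOW, 60, 30, True).items():
        print(f"{alias:20} {state:17} {'; '.join(actions) or '-'}")
```

Running the same inventory with auto_replace set to False shows which certificates would only generate a notification and still need manual renewal.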