Manage Certificate Expiry Alerts

Identify SDM system certificates that are nearing expiration or have already expired. You can configure the advance warning threshold and view certificate expiry details in the SDM user interface. SDM also raises login alerts and SNMP traps to take timely renewal action.

The login alert is shown for all user roles.

Configuring Certificate Expiry Alert Threshold

Configure the certificate expiry alert threshold to define how many days in advance SDM must warn about expiring certificates. When certificates fall within this threshold (or have already expired), SDM generates login alerts and related SNMP traps to prompt timely renewal action.

By default, Admin users can set a certificate expiry alert threshold that controls when login alerts and SNMP traps are raised for expiring or expired certificates.
To change the expiry alert threshold, you must be an admin user or be in a group granted the permission to modify the threshold.
  1. Log on to SDM using the web GUI.
  2. Click Security Manager > Certificate Expiry Management.
  3. Click Expiry alert configuration.
  4. In the Certificate expiration warning page, in the Days prior to certificate expiration: field add the threshold value (number of days).

    Note:

    • Default threshold value is 15 days.
    • You can specify a threshold value that ranges from 7 to 30 days.
  5. Click Apply.

    Note:

    The new threshold takes effect immediately for UI login alerts, and is reflected in trap generation during the next scheduled system scan.

Viewing the Certificate Expiry View Table

The Certificate Expiry View table displays the expiry details for monitored system certificates, including node IP, certificate type, masked serial number, and expiry date.

Access to this table is controlled by the View Certificate Expiry Info permission. Ensure that you have this permission. By default, Admin, LIAdmin, and Provisioner user groups have access, Monitor group does not have access.
  1. Click Security Manager > User Management > Groups.
  2. In the User Groups page, click the administrators group.
  3. In the administrators page, click the Administrative operations tab, and expand the Administrative operations folder.
  4. In the View certificate expiry info, set the permission to Full.
  5. Click Apply.