Skip to main content


         This documentation site is for previous versions. Visit our new documentation site for current releases.      
 

Expiring certificate notifications

Updated on December 17, 2021

Beginning with Pega Platform 8.7, you can configure notifications when X.509 certificates are about to expire. By enabling notifications, you can renew your certificates on time.

You can configure the Pega Platform to send email notifications when one or more X.509 certificates become due to expire. These notifications are intended to prevent platform failures, such as failed logins and integrations, due to unanticipated certificates expiring and the emergency efforts required to recover.

Certificate expiration notification content

The notification email specifies the Pega system name or system ID for which certificates are expiring. For more information, see Configuring the system name. The email also lists certificates due to expire and expired certificates:
  • For certificates expiring soon, the email displays the following message: The following certificates in platform truststore are expiring soon. Please take the appropriate action to keep your application secure.
    • If no certificates are expiring soon, the email displays the following message: No certificates are expiring soon.
  • For expired certificates, the email displays the following message: The following certificates in platform truststore expired. Please take the appropriate action to keep your application secure.
    • If no certificates have expired, the email displays the following message: No certificates expired.

Note: The pyCertificateExpirationNotification job scheduler these certificate expiration notifications. It sends them based on the time and frequency that you configured.

For each certificate, the notification provides the following information:

  • Certificate Alias: The alias, which is the unique identifier, for the expiring certificate.
  • Expiry Date: The date and time when the certificate expires.
  • Issuer: The distinguished name of the issuer of the certificate, for example, common name, organization, and organizational unit.
  • Subject: The distinguished name of the entity associated with the certificate, for example, person, business, and server.

Creating certificate expiration notifications

  1. In the Dev Studio header, select ConfigureSystemSettingsExpiring Certificate Notifications.
  2. Enable the Send notification email for expiring certificates toggle.
  3. In the Email account field, select or enter the email Account ID of an email account from which the system will send email notifications. To create a new email account, see Creating an email integration.
  4. In the Send expiration notifications before (days) field, specify when to send the notification in terms of number of days, before the certificate expiration date.
  5. To send reminder email messages periodically until the certificate is updated or deleted, select Send follow-up reminders.
  6. In the Send expiration reminder after every (days) field, specify the frequency to send reminder email messages.
  7. In the Email Addresses section, enter an email address for the notification recipient by clicking +Add.
  8. To enter additional notification recipients, click +Add.
  9. Click Save.

Have a question? Get answers now.

Visit the Support Center to ask questions, engage in discussions, share ideas, and help others.

Did you find this content helpful?

Want to help us improve this content?

We'd prefer it if you saw us at our best.

Pega.com is not optimized for Internet Explorer. For the optimal experience, please use:

Close Deprecation Notice
Contact us