Expiring certificate notifications
Beginning with Pega Platform 8.7, you can configure notifications when X.509 certificates are about to expire. By enabling notifications, you can renew your certificates on time.
You can configure the Pega Platform to send email notifications when one or more X.509 certificates become due to expire. These notifications are intended to prevent platform failures, such as failed logins and integrations, due to unanticipated certificates expiring and the emergency efforts required to recover.
Certificate expiration notification content
- For certificates expiring soon, the email displays the following message: The
following certificates in platform truststore are expiring soon. Please take the
appropriate action to keep your application secure.
- If no certificates are expiring soon, the email displays the following message: No certificates are expiring soon.
- For expired certificates, the email displays the following message: The
following certificates in platform truststore expired. Please take the
appropriate action to keep your application secure.
- If no certificates have expired, the email displays the following message: No certificates expired.
For each certificate, the notification provides the following information:
- Certificate Alias: The alias, which is the unique identifier, for the expiring certificate.
- Expiry Date: The date and time when the certificate expires.
- Issuer: The distinguished name of the issuer of the certificate, for example, common name, organization, and organizational unit.
- Subject: The distinguished name of the entity associated with the certificate, for example, person, business, and server.
Creating certificate expiration notifications
- In the Dev Studio header, select .
- Enable the Send notification email for expiring certificates toggle.
- In the Email account field, select or enter the email Account ID of an email account from which the system will send email notifications. To create a new email account, see Creating an email integration.
- In the Send expiration notifications before (days) field, specify when to send the notification in terms of number of days, before the certificate expiration date.
- To send reminder email messages periodically until the certificate is updated or deleted, select Send follow-up reminders.
- In the Send expiration reminder after every (days) field, specify the frequency to send reminder email messages.
- In the Email Addresses section, enter an email address for the notification recipient by clicking +Add.
- To enter additional notification recipients, click +Add.
- Click Save.
Previous topic Managing X.509 certificates Next topic Enabling encrypted communication between nodes