ASM : How early do we get certificate expiry emails

book

Article ID: 207146

calendar_today

Updated On:

Products

CA App Synthetic Monitor

Issue/Introduction

Asking for clarification on certificate expiration.

We have 2 ASM monitors and Verify certificate is checked (HTTPS monitors). 

How early will we get certificate expiry emails (21 days, 10 days etc) telling that the certificate is going to expire ? Is this configurable ? 

 

 

Cause

Here is the explanation from ASM Engineering:

"The first warning at 30 days before expiration got changed to 21 instead because of widespread use of Let's Encrypt. Using Let's Encrypt, the certificates are getting regenerated when they're <30 days before expiration so precisely at 30 days, Let's Encrypt users were getting unnecessary warnings.

So now it's 21, 14, 7, 3, 2, 1 + expired. This is not configurable.
When the certificate expires, the monitor itself starts failing ( it has the "verify certificate" checked on). The days to expire checks are done differently (not at monitor runs). That's also the reason why it's not configurable.

Environment

Release : SAAS

Component : CA APP SYNTHETIC MONITOR (WATCHMOUSE)

Resolution

 

Per ASM Engineering, its not configurable