Unable to set up Certificate Expiration Notification in API gateway
search cancel

Unable to set up Certificate Expiration Notification in API gateway

book

Article ID: 217606

calendar_today

Updated On:

Products

CA API Gateway

Issue/Introduction

I am following the steps in the documentation to set up Certificate Expiration warnings . 

https://techdocs.broadcom.com/us/en/ca-enterprise-software/layer7-api-management/api-gateway/10-1/security-configuration-in-policy-manager/tasks-menu-security-options/manage-certificates.html 

We set up alerts for when certs expiring, In the docs, it's not quite clear where the settings can be changed, and if the default values for the days can be changed as well

-If a certificate has expired or will expire within the configured WARNING period (by default, 2 days), a WARNING audit event is logged.

-If a certificate will expire within the configured INFO period (by default, 7 days), an INFO audit event is logged.

-If a certificate will expire within the configured FINE period (by default, 30 days), a FINE audit event is logged. -

we don't have the FINE auditing enabled can we change this to Warning ?

Environment

All supported versions of the API Gateway

Resolution

The audit level for this events is linked  to the age this can not be changed  ,  you can alter the age for every level in the cluster wide properties  using policy manager .

trustedCert.expiryCheckPeriod

trustedCert.expiryFineAge

trustedCert.expiryInfoAge

trustedCert.expiryWarningAge

REF: https://techdocs.broadcom.com/us/en/ca-enterprise-software/layer7-api-management/api-gateway/10-1/reference/gateway-cluster-properties/certificate-validation-cluster-properties.html 

Powered by Wolken Software