The purpose of this article is to provide guidance for monitoring the expiration of certificates and identifying the policies that reference those expiring certificates. Attached is a sample policy that you can implement in your environment. These instructions have been tested on releases 9.2, 9.3 and 9.4.A) SET UP THE TRUSTEDCERT CLUSTER WIDE PROPERTIES1. Go to Tasks -> Global Settings -> Manage Cluster-Wide Properties2. Click [Add]3. Set the following CWPs as needed:
+ trustedCert.expiryCheckPeriod
+ trustedCert.expiryFineAge
+ trustedCert.expiryInfoAge (number of days should be less than FINE)
+ trustedCert.expiryWarningAge (number of days should be less than FINE and INFO)
NOTE: If you are adding any these cluster wide properties for the first time, a restart of the gateway is required.
Name: cert
Type: Password
Password and Confirm Password: Use the gateway user's password
Connection Name: Certificate Validation
Driver Class: com.l7tech.jdbc.mysql.MySQLDriver
JBDC URL: jdbc:l7tech:mysql://localhost:3306;DatabaseName=ssg OR jdbc:mysql://localhost:3306/ssg
Username: gateway
Password: ${secpass.cert.plaintext}
iii) Select the 'Create Custom Audit Sink and Lookup Policy' radio button iv) Click [OK]