Use Cases for Configuring Expiry Alerts

Use Case 1

Objective: Application owners want to configure alerts specific to their application.

Alert Criteria 1: Bulk notification

Alert Criteria 2: Individual certificate notification (recommended)

Configuring an Expiry Alert for Alert Criteria 1

  1. Create an expiry alert using the alert configuration given in the table below.
    Table 1. Values for the alert criteria 1 configuration
    Alert parameter Value
    Range in days 20 - 30
    Filter Certificate group < select the application group>
    Notification Format Attachment
    To < Recipient as application group email ID >

    Certificate group : <select the application group>
    CC <admin group email id>
    Subject Expiry Alert :: Certificates expiring in next 30 days
    Body Common Name, Serial Number, Valid From , Valid Until
  2. Click Add.
    The alert is added to the table in the Alert Configuration section.
  3. Under Alert Configuration, click Add.
  4. Use the alert parameters and values given in step 1 and only edit the parameters given in the table below.
    Table 2. Updated values for the alert criteria 1 configuration
    Alert parameter Value
    Range in days 0 - 10
    Subject Expiry Alert :: Certificates Expiring in 10 days :: Critical
    Alert execution type Scheduled; everyday from the day of alert configuration
  5. Click Add.
    The updated alert is also added to the table in the Alert Configuration section.

Configuring an Expiry Alert for Alert Criteria 2

  1. Create an expiry alert using the alert configuration given in the table below.
    Table 3. Values for the alert criteria 2 configuration
    Alert parameter Value
    Range in days 20 - 30
    Allow Users Renewal Enabled
    Filter Certificate group < select the application group>
    To < Recipient as application group email ID >

    Certificate group : <select the application group>
    CC <admin group email id>
    Subject Expiry Alert :: |Common Name| certificate is expiring on |Valid Until|
    Body |Common Name| certificate is expiring on |Valid Until| issued by |Issuer Common Name|
  2. Click Add.
    The alert is added to the table in the Alert Configuration section.
  3. Under Alert Configuration, click Add.
  4. Use the alert parameters and values given in step 1 and only edit the parameters given in the table below.
    Table 4. Updated values for the alert criteria 2 configuration
    Alert parameter Value
    Range in days 0 - 10
    Subject Expiry Alert : Critical : |Common Name| certificate is expiring on |Valid Until|
    Alert execution type Scheduled; everyday from the day of alert configuration
  5. Click Add.
    The updated alert is also added to the table in the Alert Configuration section.

Use Case 2

Objective: The PKI team will receive the alerts and take remediation action, following up with the application owners. The PKI team will get a list of certificates expiring on the 30th day from the day of alert configuration and must then consult with the application owners. Reminders for certificates missing from remediation for 20 days should be part of a critical alert condition.

Alert Criteria 1: Bulk notification (recommended)

Alert Criteria 2: Individual certificate notification

Configuring an Expiry Alert for Alert Criteria 1

  1. Create an expiry alert using the alert configuration given in the table below.
    Table 5. Values for the alert criteria 1 configuration
    Alert parameter Value
    On specified days 30
    Filter Certificate group < select the application group>
    Notification format Attachment
    To < PKI Admin >

    Certificate group : <select the application group>
    CC <Certificate group>
    Subject Expiry Alert :: Certificates expiring in next 30 days
    Body Common Name, Serial Number, Valid from , Valid Until, Issuer Common Name
  2. Click Add.
    The alert is added to the table in the Alert Configuration section.
  3. Under Alert Configuration, click Add.
  4. Use the alert parameters and values given in step 1 and only edit the parameters given in the table below.
    Table 6. Updated values for the alert criteria 1 configuration
    Alert parameter Value
    On specified days 10
    Subject Expiry Alert :: Certificates Expiring in 10 days :: Critical
    Alert execution type Scheduled; everyday from the day of alert configuration
  5. Click Add.
    The updated alert is also added to the table in the Alert Configuration section.

Configuring an Expiry Alert for Alert Criteria 2

  1. Create an expiry alert using the alert configuration given in the table below.
    Table 7. Values for the alert criteria 2 configuration
    Alert parameter Value
    On specified days 30
    Allow Users Renewal Enabled
    Filter Certificate group < select the application group>
    To < Recipient PKI Admin >

    Certificate group : <select the application group>
    CC <Certificate group>
    Subject Expiry Alert :: |Common Name| certificate is expiring on |Valid Until| for the group |Certificate Group|
    Body |Common Name| certificate is expiring on |Valid Until| issued by |Issuer Common Name|
  2. Click Add.
    The alert is added to the table in the Alert Configuration section.
  3. Under Alert Configuration, click Add.
  4. Use the alert parameters and values given in step 1 and only edit the parameters given in the table below.
    Table 8. Updated values for the alert criteria 2 configuration
    Alert parameter Value
    On specified days 10
    Subject Expiry Alert : Critical : |Common Name| certificate is expiring on |Valid Until| for the group |Certificate Group Name|
    Alert execution type Scheduled; everyday from the day of alert configuration
  5. Click Add.
    The updated alert is also added to the table in the Alert Configuration section.

Use Case 3

Objective: The administrator wants to send expiry alerts for certificates expiring in the next 30 days to all the application owners (who will take remedial action on their respective certificates). The administrator also wants to send a critical reminder to the application owners if an action has not been taken in the next 15 days.

Alert Criteria 1: Bulk notification

Alert Criteria 2: Individual certificate notification

Configuring an Expiry Alert for Alert Criteria 1

  1. Create an expiry alert using the alert configuration given in the table below.
    Table 9. Values for the alert criteria 1 configuration
    Alert parameter Value
    Range in days 0 - 30
    Allow user Renewal Enabled
    To Certificate group : <select the application group>
    CC <admin group email id>
    Subject Expiry Alert :: |Common Name| certificate is expiring on |Valid Until|
    Body |Common Name| certificate is expiring on |Valid Until| issued by |Issuer Common Name|
    Alert execution type Scheduled; everyday from the day of alert configuration
  2. Click Add.
    The alert is added to the table in the Alert Configuration section.
  3. Under Alert Configuration, click Add.
  4. Use the alert parameters and values given in step 1 and only edit the parameters given in the table below.
    Table 10. Updated values for the alert criteria 1 configuration
    Alert parameter Value
    Range in days 0 - 15
    Subject Expiry Alert :: Certificates not taken action for past 15 days :: Critical
    Alert execution type Scheduled; everyday from the day of alert configuration; ends after 15 days
  5. Click Add.
    The updated alert is also added to the table in the Alert Configuration section.

Configuring an Expiry Alert for Alert Criteria 2

  1. Create an expiry alert using the alert configuration given in the table below.
    Table 11. Values for the alert criteria 2 configuration
    Alert parameter Value
    Range in days 0 - 30
    Notification Format Attachment
    To Certificate group : <select the application group>
    CC <admin group email id>
    Subject Expiry Alert :: Certificates expiring in next 30 days
    Body Common Name, Serial Number, Valid From , Valid Until, Issuer Common Name
    Alert execution type Scheduled; everyday from the day of alert configuration; ends after 15 days
  2. Click Add.
    The alert is added to the table in the Alert Configuration section.
  3. Under Alert Configuration, click Add.
  4. Use the alert parameters and values given in step 1 and only edit the parameters given in the table below.
    Table 12. Updated values for the alert critera 2 configuration
    Alert parameter Value
    Range in days 0 - 15
    Subject Expiry Alert :: Certificates not taken action for past 15 days :: Critical
    Alert execution type Scheduled; everyday from the day of alert configuration; ends after 15 days
  5. Click Add.
    The updated alert is also added to the table in the Alert Configuration section.