Configuring default auto-renewal settings
You can configure global default settings for certificate auto-renewal. These settings apply to all applications that have auto-renewal enabled, unless they are explicitly overridden at the application level.
Auto-renewal runs daily for Next-Gen Trust Security accounts that have auto-renewal enabled for at least one application.
By default, auto-renewal is disabled for newly created applications.
Prerequisite
You must have appropriate administrative permissions to configure global auto-renewal settings.
For information about enabling auto-renewal at the application level, see Enabling and configuring certificate auto-renewal.
To configure auto-renewal defaults
- Sign in to Next-Gen Trust Security.
- Click Configuration > Certificate Lifecycle.
- Click Certificate Auto-Renewal and Provisioning.
- Specify the Auto-renewal window (in days). Certificates with expiration dates that fall within this window are eligible for renewal when auto-renewal runs. This value can be overridden at the application level.
- (Optional) Click Run Now to immediately renew and provision eligible certificates.
After you complete these steps, Next-Gen Trust Security automatically renews eligible certificates based on the configured settings.
Notes about certificate auto-renewal scans
Auto-renewal scans run daily to identify certificates that are eligible for renewal and fall within the configured renewal window.
- If renewal for an eligible certificate fails, it is retried during the next daily scan while the certificate remains within the renewal window.
- If a certificate renewal is already in progress, a new renewal attempt is not started.
- If an eligible certificate is associated with multiple applications that have auto-renewal enabled, the application with the longer renewal window initiates the renewal.
Daily scans do not run if no applications have auto-renewal enabled.
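The scan rules above can be modeled offline to predict which certificates the next daily run would pick up and which application would initiate each renewal. This is an added example, not Next-Gen Trust Security code or its API; the `App` and `Cert` classes, the `plan_scan` function, the 30-day global default, and the sample inventory are all constructed for illustration, and "within the window" is assumed to mean the expiration date is on or before today plus the window.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

@dataclass
class App:                      # hypothetical model of an application
    name: str
    auto_renew: bool = False    # disabled by default for new applications
    window_days: Optional[int] = None  # None = inherit the global default

    def window(self, global_default: int) -> int:
        return self.window_days if self.window_days is not None else global_default

@dataclass
class Cert:                     # hypothetical model of an inventory entry
    cn: str
    not_after: date
    apps: list
    renewal_in_progress: bool = False

def plan_scan(certs, today, global_default=30):
    """Return {cn: initiating application} for one modeled daily scan."""
    # Daily scans do not run if no application has auto-renewal enabled.
    if not any(a.auto_renew for c in certs for a in c.apps):
        return {}
    plan = {}
    for c in certs:
        enabled = [a for a in c.apps if a.auto_renew]
        # No enabled application, or a renewal already running: nothing starts.
        if not enabled or c.renewal_in_progress:
            continue
        # With several enabled applications, the longer window initiates.
        initiator = max(enabled, key=lambda a: a.window(global_default))
        if c.not_after <= today + timedelta(days=initiator.window(global_default)):
            plan[c.cn] = initiator.name
    return plan

# Constructed sample inventory.
TODAY = date(2025, 1, 1)
WEB = App("web", auto_renew=True)                  # inherits global window
API = App("api", auto_renew=True, window_days=45)  # application-level override
LEGACY = App("legacy")                             # auto-renewal left disabled
INVENTORY = [
    Cert("shop.example.test", date(2025, 1, 21), [WEB]),
    Cert("api.example.test", date(2025, 2, 10), [WEB, API]),
    Cert("old.example.test", date(2025, 1, 5), [LEGACY]),
    Cert("pay.example.test", date(2025, 1, 10), [WEB], renewal_in_progress=True),
    Cert("docs.example.test", date(2025, 3, 15), [WEB]),
]

if __name__ == "__main__":
    print(plan_scan(INVENTORY, TODAY))
```

In the sample, `old.example.test` expires in four days but never appears in the plan because its only application has auto-renewal disabled, which is the kind of coverage gap worth checking for before relying on the defaults.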