To Configure Auto-Renewal and Provisioning Settings

1. Sign in to Next-Gen Trust Security.
2. In the menu bar, click Configurations > Certificate Policies > Certificate Auto-Renewal and Provisioning.
3. Enable Enable auto-renewal.
   When enabled, certificates that are eligible for auto-renewal will be automatically renewed before they expire.
4. In the Set a global window field, specify the number of days before expiration when certificates become eligible for renewal.
   For example, if you set the window to 31 days, all eligible certificates within 31 days of expiration will be renewed and provisioned during the next auto-renewal run.
5. From the Set a default issuing template dropdown, select the issuing template to be used when auto-renewing certificates.
   Select the default issuing template that should be used for certificate renewals.
6. (Optional) Enable Automatically provision renewed certificates.
   When enabled, renewed certificates will be automatically provisioned to their target locations (machine or cloud keystores).
7. Review the Current auto-renewal status to see whether the Automated Secure Keypair service is active.
8. Click Save.
9. (Optional) Click Run Now to immediately renew and provision eligible certificates without waiting for the next scheduled daily run.

Notes about Certificate Auto-Renewal

• If renewal for an eligible certificate fails, it is retried during the next daily run while the certificate remains within the renewal window.
• If a certificate renewal is already in progress, a new renewal attempt is not started.
• Auto-renewal does not run if it is disabled.

Related Links

• Overview of automated certificate renewal
• How to run auto-renewal manually