User certificate validity period
User certificates identify a user, and are used to enforce access control policies. You can control how long user certificates are valid. By default, user certificates are valid for 365 days.
Configuring the validity period of user certificates
Configure the validity period of user certs.
- Open Console.
- Go toManage > Authentication > Certificates.
- UnderConfiguration, enter a new value forNumber of days until expiration of certificate.
Expired user certificates
The following message is printed when you try to authenticate with an expired certificate. This example command tries to run docker ps on a remote host named prod_host1.
$ docker --tlsverify -H prod_host1:9998 ps The server probably has client authentication (--tlsverify) enabled. Please check your TLS client certification settings
Generating new certificates
When your certificates expire, you can generate new ones.
- Go to Console.
- Log in with your credentials to reauthenticate with Console. This step generates fresh certificates.
- If you integrated Prisma Cloud with LDAP, log in with your LDAP credentials.
- If you integrated with SAML, log in with your SAML credentials.
- If you are using Prisma Cloud users, log in with your Prisma Cloud user credentials.
- On the left menu, clickManage > Authentication > User certificates.
- Copy the installation script, and run it on your local machine.The script installs fresh certificates on your machine.
- Verify that your certs are valid by running a Docker command on a host protected by Defender.$ docker --tlsverify -H prod_host1:9998 ps