: User certificate validity period

User certificate validity period

Table of Contents

User certificate validity period

User certificates identify a user, and are used to enforce access control policies. You can control how long user certificates are valid. By default, user certificates are valid for 365 days.

Configuring the validity period of user certificates

Configure the validity period of user certs.
  1. Open Console.
  2. Go to
    Manage > Authentication > Certificates
  3. Under
    , enter a new value for
    Number of days until expiration of certificate
  4. Click

Expired user certificates

The following message is printed when you try to authenticate with an expired certificate. This example command tries to run docker ps on a remote host named prod_host1.
$ docker --tlsverify -H prod_host1:9998 ps The server probably has client authentication (--tlsverify) enabled. Please check your TLS client certification settings

Generating new certificates

When your certificates expire, you can generate new ones.
  1. Go to Console.
  2. Log in with your credentials to reauthenticate with Console. This step generates fresh certificates.
    • If you integrated Prisma Cloud with LDAP, log in with your LDAP credentials.
    • If you integrated with SAML, log in with your SAML credentials.
    • If you are using Prisma Cloud users, log in with your Prisma Cloud user credentials.
  3. On the left menu, click
    Manage > Authentication > User certificates
  4. Copy the installation script, and run it on your local machine.
    The script installs fresh certificates on your machine.
  5. Verify that your certs are valid by running a Docker command on a host protected by Defender.
    $ docker --tlsverify -H prod_host1:9998 ps

Recommended For You