Auto Renew a Certificate

The Certificate Auto Renewal option renews an existing certificate automatically before it expires and without manual intervention. This ensures continuous security and avoids service disruptions due to expired certificates.

The auto renewal job will run once a day. If renewal triggers and fails, 5 additional attempts will be made once a day for 5 days to auto renew. Certificates that are expiring within 30 days or less can be auto renewed.

Auto renewal workflow:

1. During certificate generation or manual renewal, set the Auto-renewal toggle to ON.

2. Daily auto renewal job is triggered and scans certificates expiring in ≤30 days.

   If the renewal trigger fails, 5 additional attempts will be made once a day for 5 days to auto renew.

3. A new certificate is created using the renewal configuration at the time of renewal.
4. After renewal, a new renewal record will be created to persist the auto renewal settings on the new certificate.

Prerequisites

Before performing the certificate auto renewal operation, ensure that the following prerequisites are met:

• Venafi integration settings must be configured.
• The certificate must be attached to an SSL template.

Setup Automatic Renewal Configuration

To setup auto renewal configuration:

1. Navigate to Certificates > Manage Certificates.
2. On the Certificates page, select a certificate that you want to auto renew.

3. Under the Auto Renewal column, against the certificate enable auto renewal using toggle.

   The Toggle button is enabled only if the certificate is attached to an SSL template.

   An audit record is created when auto renewal is enabled or disabled.

4. On the Auto Renewal Parameters page, enter the following details:

   Field	Description
   CN	The common name of the Fully Qualified Domain Name (FQDN) certificate. For example, mail.a10networks.com.
   Certificate Name	A unique name given to the renewed certificate for identification and management purposes. This is the certificate name used in Venafi.
   Partition	A logical division or grouping used to organize certificates, typically for administrative or access control purposes.
   Venafi Zone/Policy	The policy or zone defined in Venafi (or a similar certificate management system) that directs how the certificate should be issued and managed. If a Venafi policy was associated to the previous renewal, then the field is auto-populated else it will be blank.
   Key Options	The type of cryptographic key to be used (RSA) for the certificate. The available options are: Encrypted Key Unencrypted Key
   Key Passphrase	This option is enabled only if the Encrypted Keys option is selected in the Key Options field. An actual encryption key, which is derived from the passphrase and used to encrypt the protected resource.
   SSL Client Template	The SSL template to which the certificate is currently associated.
   Virtual Server(s)	The SSL client template is associated with auto renewed certificate.

    

5. Click Save.

   The confirmation message is displayed.

   After setting up the auto-renewal, you can configure triggers and alters to receive the certificate expiry and renewal notification.

   • The Certificate Expiry rule will alert when a template attached SSL certificate is about to expire in 30, 7, or 1 day(s).
   • The Certificate Renewal rule will generate alerts for the certificate renewal events (success or failure).

   For more information, see Add an Alert .

   Certificate Job lists the status of the auto renewal.