How to set up alarming to be notified when a Server certificate is expiring

This article was imported from Niagara Central Community.

 

Problem-

How to set up alarming so that an expiring Server certificate will generate an alarm.

Solution-

Server certificates typically have an expiration date set two years from the creation date (the date can vary). Once a certificate expires, any Niagara Network FOXS connection between stations that disconnects will fail to reconnect because of the expired certificate. Any expired certificates will need to be re-issued.

How to set up alarming to be notified when a certificate is expiring-
Starting in Niagara 4.6, a 'Niagara Security Service' palette (nss) was added. It contains a 'SecurityService' and an 'ExpiryAlarmExt', which are used to configure certificate expiration alarming.

Configuring certificate alarming-

  1. Open the nss palette and drop the SecurityService into the station's Services folder.
  2. This action should automatically populate the existing Server certificates under the 'Certificates' folder that resides under the SecurityService.
  3. Next, add an 'ExpiryAlarmExt' to any certificate requiring an alarm. Add this extension under the certificate's 'Expiry' slot and configure the Alarm Class. The remaining 'ExpiryAlarmExt' property defaults should work as set. You can add 'To Offnormal Text' if desired. Note that the Out value of 'Expiry' (the Certificate Expiry Point) holds the number of days until the certificate is due to expire.
  4. The 'ExpiryAlarmExt' by default is configured for 30 days (fixed value). An alarm will show up in the Alarm Console, routed to the selected Alarm Class, 30 days prior to the certificate's expiration date. This allows 30 days to get the certificate(s) re-issued.

Also see the Station Security document:

     - "Certificate set up" from page 23

     - "nss-SecurityService" from page 105