UC_SERVER_TLS_SETTINGS - Server Certificate Management

This Variable (VARA) object allows you to customize the TLS/SSL settings for secure server connections. It is supplied with Client 0.

You can use the EXECUTE_ON_CERTIFICATE_EXPIRING key to define which custom action should be triggered if a certificate is close to expiring.

EXECUTE_ON_CERTIFICATE_EXPIRING

• Description: Object to be executed daily (at midnight UTC) when a TLS/SSL certificate expires within the next 30 days

  Note: The system searches for and activates the Object defined here in all clients except Client 0. No activation is allowed in Client 0.

  The following script variables can be read from the read buffer:

  • EXPIRATION_DATE#

    Certificate expiration date in UTC.

  • SERVER_NAME#

    Name of the relevant server process.

• Allowed values: Valid object name

• Restart required: JCP

Note: The system checks the certificate expiration date every 24 hours (at midnight UTC). If the expiration date of one or more certificates is within 30 days, AWI displays the following notification: "The following JCP certificates will expire within the next 30 days: <certificate name (expiration date)>". The expiration date of the certificate is also written into the JCP log file on startup as well as at midnight (UTC).

AWI displays only one notification even if there is more than one certificate about to expire. All relevant certificates are listed one after the other separated by a comma sorted by expiration date; the certificate closest to the expiration date is listed first.

The notification is displayed in all Clients but only to users with the privilege Access to Administration, see Granting Automation Engine Privileges. The notification remains visible until the certificate is renewed.

See also:

• List of VARA Objects for System and Client Values
• Starting and Ending Server Processes
• Securing Connections to the AE (TLS/SSL)