Certificate expiration for AD

Hello All,

Recently I spotted a warning on both VAs in the cluster regarding the expiration date of the certificate for two Active Directory Domain Controllers.

I’ve checked the certificate with the following command

openssl s_client -connect hostname:port

and received exactly the same one we currently have on the VA.

My question is:

  1. Shall we wait for expiration and then retrieve the new certificate?
  2. Is there any way to proactively replace the AD cert on the VA?

Best regards

Hi @radoslaw_klimkowski You can do it either way; it is good that ISC is showing the warning about certificate expiration. I would replace it with the new certificate a couple of days before the expiration. Also make sure you don’t have any older certificates installed along with the current one, because the VA is showing the warning for those certs too.

Hey @suresh4iam

The thing is that the command is retrieving exactly the same certificate that will soon expire.

Got it. Then you can discuss with the AD admin to generate a new certificate proactively before it expires, and in the same way you can pull it into the VA using the openssl command.

The reply from AD was that they are completely unaware of that and their personal certificate will expire in 2026.

That is quite a challenge. At best, we did a PS script write-up from the ISC side to query the AD certificates and send email notifications. Though the ISC admin doesn’t have control, there are other options on the AD side where they can use the AutoCertificateRollover feature, but it is all based on their security policy, or they can use any cert management tool.
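As an added illustration (not from any poster in this thread, nor an ISC or SailPoint script): a small POSIX shell script that pulls a DC’s LDAPS certificate the same way the openssl command above does, compares its SHA-256 fingerprint with the certificate currently installed on the VA, and warns when it expires within a chosen number of days, which is the kind of proactive check discussed in the last reply. Host names, the port and file paths are placeholders.

```sh
#!/bin/sh
# Added example, not from the thread. Requires openssl; hostnames, ports and
# file paths are placeholders chosen for illustration.

# Fetch the certificate an LDAPS endpoint presents and print it as PEM. This is
# the thread's "openssl s_client -connect hostname:port" with the server cert
# extracted from the handshake output.
fetch_dc_cert() {
  openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null \
    | openssl x509 -outform PEM
}

# SHA-256 fingerprint of a PEM certificate, colon-separated hex.
cert_fingerprint() {
  openssl x509 -in "$1" -noout -fingerprint -sha256 | sed 's/^[^=]*=//'
}

# Exit 0 when two PEM files hold the same certificate.
same_cert() {
  [ "$(cert_fingerprint "$1")" = "$(cert_fingerprint "$2")" ]
}

# Exit 0 when the certificate in $1 expires within $2 days. "openssl x509
# -checkend N" exits 0 if the cert is still valid N seconds from now; an
# unreadable file therefore counts as expiring, the safe direction for a check.
cert_expires_within() {
  if openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null 2>&1; then
    return 1
  fi
  return 0
}

# check_dc_cert HOST PORT WARN_DAYS [INSTALLED_PEM]; exit 0 = fine, 1 = expiring
# soon, 2 = fetch failed, 3 = DC presents a different cert than the VA has.
check_dc_cert() {
  tmp=$(mktemp) || return 2
  if ! fetch_dc_cert "$1" "$2" >"$tmp" 2>/dev/null || [ ! -s "$tmp" ]; then
    rm -f "$tmp"; echo "$1:$2: could not fetch certificate"; return 2
  fi
  rc=0
  if [ -n "$4" ] && ! same_cert "$tmp" "$4"; then
    echo "$1:$2: presents a different certificate than $4 (already renewed?)"; rc=3
  elif cert_expires_within "$tmp" "$3"; then
    echo "$1:$2: expires within $3 days ($(openssl x509 -in "$tmp" -noout -enddate))"; rc=1
  fi
  rm -f "$tmp"; return $rc
}

# Runs the check only when invoked with arguments, e.g. ./check.sh dc01.example.test 636 14 va-ad.pem
if [ "$#" -ge 3 ]; then check_dc_cert "$@"; fi
```

Run it from cron against each DC with the PEM the VA currently trusts as the fourth argument; a non-zero exit tells you either to schedule the replacement on the VA or that the DC has already been given a new certificate.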
