Concept

In order to ensure that your certificates are always up-to-date and not expired, you can set up alerting for expiring CA and leaf certificates in Infisical.

Workflow

A typical alerting workflow for expiring certificates consists of the following steps:

  1. Creating a PKI/Certificate collection and adding certificates that you wish to monitor for expiration to it.
  2. Creating an alert and binding it to the PKI/Certificate collection. As part of the configuration, you specify when the alert should trigger based on the number of days before certificate expiration and the email addresses of the recipients to notify.

Guide to Creating an Alert

1

Creating a PKI/Certificate collection

To create a PKI/Certificate collection, head to your Project > Internal PKI > Alerting > Certificate Collection and press Create.

Give the collection a name and proceed to create the empty collection.

Next, in the Collection Page, add the certificate authorities and leaf certificates that you wish to monitor for expiration to the collection.

2

Creating an alert

To create an alert, head to your Project > Internal PKI > Alerting > Alerts and press Create.

Here, set the Certificate Collection to the PKI/Certificate collection you created in the previous step and fill out details for the alert.

Here’s some guidance on each field:

  • Name: A name for the alert.
  • Collection Collection: The PKI/Certificate collection to bind the alert to from the previous step.
  • Alert Before / Unit: The time before certificate expiration to trigger the alert.
  • Emails to Alert: A comma-delimited list of email addresses to notify when the alert triggers.

Finally, press Create to create the alert.

Great! You’ve successfully created a PKI/Certificate collection and an alert to monitor the expiring certificates in the collection. Once the alert triggers, the specified email addresses will be notified.

Was this page helpful?

Enrollment over Secure Transport (EST)Overview