Expiry Alerts

Expiry Alerts in CERTInext enable proactive monitoring of certificate validity to prevent service disruptions caused by expired certificates. The platform continuously evaluates certificate expiration timelines and alerts users well in advance, allowing sufficient time for renewal, replacement, or decommissioning.

Expiry monitoring applies to all certificates managed or discovered through CERTInext, including:

• Certificates issued through the CERTInext platform

• Certificates discovered using Bots

• Public certificates identified via Certificate Transparency (CT) logs

• End-entity certificates as well as CA certificates

How Expiry Monitoring Works

CERTInext continuously tracks the validity period of each certificate and calculates the remaining lifetime based on the current date and the certificate’s expiration date.

Expiry evaluation runs automatically and does not require manual intervention. As certificates move closer to their expiration date, they transition through predefined lifecycle states such as:

• Active

• Expiring Soon

• Expired

These states are reflected across dashboards, inventory views, and alerting mechanisms.

Expiry Alert Thresholds

Expiry alerts are generated based on configured alert windows, which typically include multiple stages to support early warning and escalation.

Common expiry thresholds include:

• Early warning alerts (for example, 90 or 60 days before expiry)

• Critical alerts (for example, 30 days or less)

• Post-expiry alerts for certificates that have already expired

Thresholds ensure that teams are notified early enough to plan renewals while also highlighting certificates that require immediate action.

What Triggers an Expiry Alert

An expiry alert is triggered when:

• A certificate enters a configured “expiring soon” window

• A certificate reaches its expiration date

• A CA certificate approaches expiration and may impact dependent certificates

Expiry alerts apply regardless of where the certificate was discovered or issued, ensuring consistent monitoring across the entire certificate estate.

Identifying Expiry Issues

Users can identify expiring certificates through multiple monitoring touchpoints:

• Expiry Alerts indicating certificates nearing expiration

• Dashboards and KPIs highlighting expiring and expired certificate counts

• Certificate Inventory showing exact expiration dates and remaining validity

• Reports summarizing certificates by expiry timeline

Each alert links back to the affected certificate, allowing users to immediately review certificate details, deployment locations, and ownership.

Responding to Expiry Alerts

Once an expiry alert is raised, CERTInext enables direct remediation actions, including:

• Initiating certificate renewal

• Replacing certificates with updated cryptographic parameters

• Scheduling automated renewal through provisioning workflows

• Decommissioning certificates that are no longer required

After a certificate is renewed or replaced, expiry alerts are automatically updated or cleared, ensuring alert accuracy and avoiding duplicate notifications.