Expiration Check for Private CAs
Rule Details
Parameter | Description |
---|---|
Rule Name | pca-certificate-authority-expiration-check |
Identifier | Expiration Check for Private CAs |
Description | If a private CA will expire within the specified period, this CA is non-compliant. |
Tag | pca |
Trigger Type | Periodic |
Filter Type | pca.ca |
Rule Parameters | daysToExpiration: indicates a validity period. This is an integer type parameter. |
Application Scenarios
If a private CA expires, a series of serious security, O&M, and service problems may occur. The CA is the root of the digital certificate trust chain.
- All sub-certificates become invalid: After a CA expires, all sub-certificates issued by the CA are no longer trusted. As a result, services that depend on these certificates cannot run properly.
- Cloud service interruption: If a CA expires, cloud services that depend on the CA for encrypted communication may be interrupted.
Solution
Rotate a Private CA, or renew the private CA in the Billing Center.
Rule Logic
- If a private CA will expire within the specified period, this policy is non-compliant.
- If a private CA will not expire within the specified period, this policy is compliant.
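The rule logic above, applied to a constructed CA inventory. This is an added example, not the service's own rule code: the record fields `id` and `not_after` and both function names are hypothetical, and it assumes daysToExpiration is counted in days and that a CA already expired or exactly at the threshold is non-compliant.

```python
from datetime import datetime, timedelta, timezone

def evaluate_ca(not_after, days_to_expiration, now):
    """Apply the rule logic to one CA's expiry timestamp (ISO 8601 string)."""
    if days_to_expiration < 0:
        raise ValueError("daysToExpiration must be a non-negative integer")
    expiry = datetime.fromisoformat(not_after)
    if expiry.tzinfo is None:
        # A timestamp without a UTC offset is ambiguous; refuse to guess.
        raise ValueError(f"expiry has no UTC offset: {not_after!r}")
    remaining = expiry - now  # aware datetimes subtract correctly across zones
    # Assumption: a CA expiring exactly at the threshold, or already expired,
    # is non-compliant.
    return {
        "compliant": remaining > timedelta(days=days_to_expiration),
        "expired": remaining <= timedelta(0),
        "days_left": remaining.days,  # floors, so it is negative once expired
    }

def non_compliant_cas(inventory, days_to_expiration, now):
    """Return non-compliant CAs, most urgent (fewest days left) first."""
    findings = []
    for ca in inventory:
        result = evaluate_ca(ca["not_after"], days_to_expiration, now)
        if not result["compliant"]:
            findings.append({"id": ca["id"], **result})
    return sorted(findings, key=lambda f: f["days_left"])

# Constructed sample data, not real CAs.
NOW = datetime(2025, 1, 1, tzinfo=timezone.utc)
SAMPLE_CAS = [
    {"id": "ca-root-a", "not_after": "2026-06-30T00:00:00+00:00"},  # far off
    {"id": "ca-sub-b", "not_after": "2025-01-21T00:00:00+08:00"},   # inside window
    {"id": "ca-sub-c", "not_after": "2024-12-25T00:00:00+00:00"},   # already expired
    {"id": "ca-sub-d", "not_after": "2025-01-31T00:00:00+00:00"},   # exactly 30 days
]

if __name__ == "__main__":
    for f in non_compliant_cas(SAMPLE_CAS, 30, NOW):
        state = "EXPIRED" if f["expired"] else f"{f['days_left']} days left"
        print(f"{f['id']}: non-compliant ({state})")
```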