Updated on 2025-08-25 GMT+08:00

Expiration Check for Private CAs

Rule Details

Table 1 Rule details

| Parameter | Description |
|---|---|
| Rule Name | pca-certificate-authority-expiration-check |
| Identifier | Expiration Check for Private CAs |
| Description | If the validity period of a private CA is not within the specified period, this CA is non-compliant. |
| Tag | pca |
| Trigger Type | Periodic |
| Filter Type | pca.ca |
| Rule Parameters | daysToExpiration: indicates a validity period. This is an integer type parameter. |

Application Scenarios

The CA is the root of the digital certificate trust chain, so if a private CA expires, a series of serious security, O&M, and service problems may occur:

  • All sub-certificates become invalid: After a CA expires, all sub-certificates issued by the CA are no longer trusted. As a result, services that depend on these certificates cannot run properly.
  • Cloud service interruption: If a CA expires, cloud services that depend on the CA for encrypted communication may be interrupted.

Solution

Rotate the private CA, or renew it in the Billing Center.

Rule Logic

  • If a private CA will expire within the specified period, this policy is non-compliant.
  • If a private CA will not expire within the specified period, this policy is compliant.
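
The rule logic above, sketched as an added example (not the rule's actual implementation): each CA is judged on its own expiry against daysToExpiration, and, going one step beyond the rule, a chain_at_risk flag marks CAs whose issuer expires inside the window, the case described under Application Scenarios. The record fields, the result labels, and the inclusive boundary are assumptions; the inventory is constructed sample data.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample inventory; field names are hypothetical, not a real API schema.
SAMPLE_CAS = [
    {"id": "ca-root", "issuer": None, "not_after": "2026-01-10T00:00:00+00:00"},
    {"id": "ca-sub-a", "issuer": "ca-root", "not_after": "2027-06-01T00:00:00+00:00"},
    {"id": "ca-sub-b", "issuer": "ca-root", "not_after": "2025-12-20T08:00:00+08:00"},
    {"id": "ca-standalone", "issuer": None, "not_after": "2030-01-01T00:00:00+00:00"},
]

def parse_utc(ts):
    """Parse an ISO 8601 timestamp with offset and normalise it to UTC."""
    return datetime.fromisoformat(ts).astimezone(timezone.utc)

def chain_expiry(ca_id, by_id):
    """Earliest not_after on the path from this CA up to its root."""
    earliest, seen = None, set()
    while ca_id is not None and ca_id not in seen:  # 'seen' guards against loops
        seen.add(ca_id)
        t = parse_utc(by_id[ca_id]["not_after"])
        earliest = t if earliest is None or t < earliest else earliest
        ca_id = by_id[ca_id]["issuer"]
    return earliest

def evaluate(cas, days_to_expiration, now):
    """Apply the rule per CA; also flag CAs whose issuing chain expires in the window."""
    by_id = {ca["id"]: ca for ca in cas}
    deadline = now + timedelta(days=days_to_expiration)
    results = {}
    for ca in cas:
        own = parse_utc(ca["not_after"])
        results[ca["id"]] = {
            # Assumption: expiry exactly at the deadline counts as non-compliant.
            "rule": "NonCompliant" if own <= deadline else "Compliant",
            "days_left": (own - now).days,  # negative once the CA has expired
            "chain_at_risk": chain_expiry(ca["id"], by_id) <= deadline,
        }
    return results

if __name__ == "__main__":
    now = datetime(2025, 12, 1, tzinfo=timezone.utc)
    for ca_id, r in evaluate(SAMPLE_CAS, 60, now).items():
        print(ca_id, r)
```

A CA that the rule itself reports as compliant but that shows chain_at_risk is the one to schedule for re-issuance together with its issuer's rotation.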