Identity certificates lifecycle

Last Updated: Aug 04, 2024

All certificates have a limited validity period. Identity certificates signed by the root CA of System Manager are valid for two years from installation. Session Manager auto-renews these identity certificates a configured number of days before expiration; the value is set under Services > Configurations > Settings > SMGR > Trust Management. For identity certificates signed by a third-party CA, the PKI administrator must replace or renew them before expiration.

Session Manager generates alarms to notify about certificate expiration. If the auto-renewal of a certificate fails or a third-party identity certificate is about to expire, Session Manager generates the following alarms:

  • Critical alarm (OP_MMTC20050): if the certificate expires in less than 15 days.

  • Major alarm (OP_MMTC20049): if the certificate expires in 15 to 29 days.

  • Warning alarm (OP_MMTC20048): if the certificate expires in 30 to 60 days.

  • Major alarm (OP_TMAG20500): if a certificate change is made that requires Session Manager restart.

    Restart your Session Manager after a certificate is replaced or renewed so the system can use the latest certificates.
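
An external check that mirrors the expiry bands above, useful for third-party identity certificates that are not auto-renewed. This is an added example, not Avaya code: it assumes input lines as printed by `openssl x509 -noout -enddate`, the certificate names and dates are constructed, and ranking an already expired certificate as critical is an assumption.

```python
import ssl

SECONDS_PER_DAY = 86400

# Expiry bands as listed on this page: (upper bound in whole days, severity, alarm ID).
BANDS = [(14, "CRITICAL", "OP_MMTC20050"),
         (29, "MAJOR", "OP_MMTC20049"),
         (60, "WARNING", "OP_MMTC20048")]

def days_left(enddate_line, now_epoch):
    """Whole days until expiry, from one `openssl x509 -noout -enddate` line."""
    key, _, value = enddate_line.strip().partition("=")
    if key != "notAfter" or not value:
        raise ValueError(f"not an -enddate line: {enddate_line!r}")
    return int((ssl.cert_time_to_seconds(value) - now_epoch) // SECONDS_PER_DAY)

def classify(days):
    """Map days remaining to (severity, alarm ID). Expired certs rank as critical (assumption)."""
    for upper, severity, alarm in BANDS:
        if days <= upper:
            return severity, alarm
    return "OK", None

def audit(inventory, now_epoch):
    """Return (name, days, severity, alarm) rows, most urgent first."""
    rows = []
    for name, line in inventory.items():
        d = days_left(line, now_epoch)
        rows.append((name, d, *classify(d)))
    return sorted(rows, key=lambda r: r[1])

# Constructed sample inventory; names and dates are made up for illustration.
SAMPLE_NOW = ssl.cert_time_to_seconds("Aug  4 00:00:00 2024 GMT")
SAMPLE = {
    "sip-tls": "notAfter=Aug 10 00:00:00 2024 GMT",
    "mgmt": "notAfter=Aug 24 12:00:00 2024 GMT",
    "http": "notAfter=Sep 15 00:00:00 2024 GMT",
    "ws": "notAfter=Aug  4 00:00:00 2026 GMT",
    "old": "notAfter=Aug  1 00:00:00 2024 GMT",
}

if __name__ == "__main__":
    for name, d, sev, alarm in audit(SAMPLE, SAMPLE_NOW):
        state = "EXPIRED" if d < 0 else f"{d}d left"
        print(f"{name:8} {state:10} {sev:8} {alarm or '-'}")
```

In production use, pass `time.time()` as `now_epoch` and feed one `-enddate` line per deployed third-party certificate.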

For more information about alarms and the certificate expiration process, see Troubleshooting Avaya Aura® Session Manager.