Which of the following is true about certificate expiration monitoring?
A.
Must be run manually.
B.
Must be run on the deployment manager.
C.
Deletes the certificates after they are expired, but does not replace them.
D.
Can replace expired certificates or certificates in the expiration threshold with a new certificate
Explanation:
Certificate monitor configuration settings can be configured on the administrative console by selecting Security
> SSL certificate and key management > Manage certificate expiration. . On the Manage certificate expiration
panel, you can perform the following functions.
Set the expiration threshold in the box labeled Expiration replacement threshold. The expiration
replacement threshold is the number of days before a certificate expiration that a certificate can be replaced
and has a default value of 60 days.
Delete the certificates after they are replaced by selecting the Delete expiring certificates and signers after
replacement box. This box is selected by default.
Etc.
https://www.ibm.com/support/knowledgecenter/en/SSAW57_7.0.0/com.ibm.websphere.nd.doc/
info/ae/ae/csec_sslcertmonitoring.html
I think B,
Monitor is accessible through the console (running on DM) and D is too general:
The Certificate Expiration Monitor does not handle replacing client self-signed certificates and is not capable of sending the new signer certificate needed for trust. If the client is a web server plug-in, it will not be able to securely communicate with the application server after self-signed certificate replacement.
https://www.ibm.com/support/knowledgecenter/SSAW57_9.0.0/com.ibm.websphere.nd.multiplatform.doc/ae/tsec_sslconfcertexpmon.html
1
0