This article was imported from Niagara Central Community.
Problem
Setting up alarms to notify when a server certificate is nearing its expiration date.
Background
Server certificates typically have an expiration date set for two years from the creation date, though this may vary. When a certificate expires, any FOXS connections within the Niagara Network that rely on it will fail to reconnect. To resolve this issue, expired certificates must be re-issued. Configuring alarms for certificate expiration ensures timely notifications, avoiding connection disruptions.
Solution
Starting with Niagara 4.6, the Niagara Security Service (nss) palette introduced a SecurityService component and an ExpiryAlarmExt feature, which are designed to enable certificate expiration alarms.
Steps to Configure Certificate Expiration Alarming
1. Add the SecurityService:
Open the nss palette.
Drag and drop the SecurityService component into the station’s Services folder.
This action will automatically populate the existing server certificates under the Certificates folder within the SecurityService.
2. Add the ExpiryAlarmExt:
Locate the certificate requiring an alarm.
Under the certificate’s Expiry slot, add the ExpiryAlarmExt extension.
Configure the Alarm Class. The default settings for the remaining ExpiryAlarmExt properties are typically sufficient.
Optionally, customise the To Offnormal Text for the alarm message.
Note: The Expiry (Certificate Expiry Point) output value shows the number of days remaining until the certificate expires.
3. Alarm Notification Setup:
By default, the ExpiryAlarmExt is set to trigger an alarm 30 days before the certificate’s expiration.
Alarms will appear in the Alarm Console and be routed to the configured Alarm Class, providing a 30-day window to re-issue the certificate(s).
This configuration ensures proactive notification of expiring certificates, helping maintain uninterrupted network connections.
Also see the Station Security document:
– “Certificate set up” from page 23
– “nss-SecurityService” from page 105
Also see how to setup OSSTeamsTools to bring your Niagara alarms into a Microsoft Teams Channel.