9.3 Certificate Renewal

Ensure that you renew certificates before they expire. Your security needs might allow for a longer or shorter period. You can configure certificate expiration notifications.

For more information, see Getting the Certificate Expiration Notification in the NetIQ Access Manager 4.3 Best Practices Guide.

When you install Administration Console, the following test certificates are automatically generated:

  • test-signing
  • test-encryption
  • test-connector
  • test-provider
  • test-consumer
  • test-stunnel

For strong security, it is recommended that you replace these certificates, except the test-stunnel certificate, with certificates from a well-known certificate authority.

Ten years after you install Administration Console, new versions of these certificates are automatically generated as the old certificates expire. If you are using any of the test certificates in your configuration, Administration Console cannot use the new version until you reboot the machine.

Access Manager automatically renews the test-* certificates for both the primary and secondary Administration Console, including the edir certificate on the secondary Administration Console.

Certificates created manually by using the Access Manager CA are not renewed automatically.

Perform the following steps to renew manually created certificates. For example, assume that a certificate with the alias signing in the Identity Server signing keystore is about to expire.

  1. Create a new certificate. (Security > Certificates > New)

  2. Add the new certificate to the keystore with the alias of the certificate that will expire (signing). (Actions > Add Certificate to Keystores)

  3. Select the option to overwrite.
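To find which aliases need this procedure before they expire, the following added example (not part of the NetIQ documentation) audits a keystore listing. It assumes the listing was produced with Java's `keytool -list -v` and saved as text; the sample listing, the function names, and the 60-day warning threshold are constructed for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample in the shape of `keytool -list -v` output (assumed export
# method; aliases follow the page, dates are made up).
SAMPLE = """\
Alias name: signing
Valid from: Tue Mar 01 10:00:00 UTC 2022 until: Sat Mar 01 10:00:00 UTC 2025

Alias name: test-encryption
Valid from: Mon Jan 04 09:00:00 UTC 2016 until: Thu Jan 01 09:00:00 UTC 2026

Alias name: test-stunnel
Valid from: Mon Jan 04 09:00:00 UTC 2016 until: Thu Jan 01 09:00:00 UTC 2026
"""

UNTIL = re.compile(r"until: \w{3} (\w{3}) (\d{1,2}) ([\d:]{8}) \S+ (\d{4})")
REPLACE = "test certificate present: replace with a CA-issued certificate"
MANUAL = "expiring: create a new certificate and overwrite this alias"
AUTO = "expiring: regenerated automatically, schedule a reboot to pick it up"

def parse_listing(text):
    """Map each alias to the notAfter of its first (leaf) certificate."""
    certs = {}
    for block in text.split("Alias name: ")[1:]:
        alias = block.split("\n", 1)[0].strip()
        m = UNTIL.search(block)
        if alias and m:
            # Zone abbreviation is ignored and the time treated as UTC
            # (assumption); the resulting error is under a day.
            stamp = datetime.strptime(" ".join(m.groups()), "%b %d %H:%M:%S %Y")
            certs[alias] = stamp.replace(tzinfo=timezone.utc)
    return certs

def audit(certs, now, warn_days=60):
    """Return (alias, finding) pairs; warn_days is a hypothetical threshold."""
    findings = []
    for alias, not_after in sorted(certs.items()):
        is_test = alias.startswith("test-")
        if is_test and alias != "test-stunnel":
            findings.append((alias, REPLACE))
        if not_after - now <= timedelta(days=warn_days):
            findings.append((alias, AUTO if is_test else MANUAL))
    return findings

if __name__ == "__main__":
    for alias, finding in audit(parse_listing(SAMPLE), datetime.now(timezone.utc)):
        print(f"{alias}: {finding}")
```

Certificates that have already expired are reported with the same findings as those inside the warning window.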