Setting up alarming for certificate expiration

This procedure describes the steps to add an alarm extension on server certificate(s) under the SecurityService to notify you 30 days prior to expiration so that you can begin the certificate re-issue process before expiration occurs.

The SecurityService is already present in the station’s Service node. If not, you can add it from the nss palette.

Typically, server certificates have an expiration date set for two years from the date of creation (the date can vary). When the certificate expires, connection between the Niagara Network and the station fails. The expired certificate will need to be re-issued.

Note: The Certificates folder under SecurityService is automatically populated with any server certificates installed on the platform.
  1. In the NavTree, expand the station’s Config > Services > SecurityService > Certificates node.
  2. Expand the folder for the certificate that you will add the alarm extension to.
  3. Open the nss palette and expand the CertificateAlarms folder.
  4. From the palette, drag the ExpiryAlarmExt object onto the Expiry slot of the certificate.
    Note: The Expiry component’s OUT value displays the number of days remaining until the certificate will expire.

  5. Open a Property Sheet view of the ExpiryAlarmExt and configure the Alarm Class property as desired.
    For example, you might create an Alarm Class (under the AlarmService) just for this purpose named certificateAlarmClass and configure it to route the alarm to a ConsoleRecipient. Shown here, the ExpiryAlarmExt is configured to use that certificateAlarmClass.

  6. Optionally, you can enter preferred alarm text in the To Offnormal Text property.


On completion, when an Expiry alarm is generated it is routed to the alarm class, which routes the alarm to all recipients. If routed to a Console Recipient the alarm will show up in the Alarm Console view 30 days prior to the certificate’s expiration date. This allows sufficient time to have the certificate re-issued.

Note: By default, the ExpiryAlarmExt is configured for 30 days (fixed value) prior to expiration.