|Applies To||RSA Certificate Manager 6.8|
Auto Enrollment Proxy (AEP)
When issuing a cert via AEP, the validity period is always set to 1 year, no matter the validity specified in the extension profile/Jurisdiction.
Certificates are assigned validity from the Minimum certificate validity expiry policy when issued through the AEP.
If certificate expiry policy set as profile based, then certificates are issued with the validity of profile which is configured under aep.xuda page. (It will not take the validity of profile configured under "Profile Choices").
|Cause||If validAfter and validUntil values are not set from GUI, Apache retrieves the values from TTL. If TTL is not set in xuda page, apache sets the validity period as 30 days. This validity period compare against the Jurisdiction or Profile min or max expiry policy. If it is minimum than the configured jurisdiction policy, then certificates are issued with configured minimum value. |
AEP xuda page configured with TTL value as 1 year.
The AEP Xuda page is configured with the time-to-live (TTL) value as one year, which is set as the validity for the certificate. As all certificates are set with this one-year validity period, users cannot have certificates with greater or lesser validity period.
This problem is fixed in RSA Certificate Manager 6.8 build519. The validity period is now taken from the Certificate Expiry Policy configuration.
|Legacy Article ID||a53874|