Entrust PKI Hub 1.0.0 - Installation and Administration Guide [PDF]

If supported by the selected profile, you can check the Auto Renewal box and configure the following settings.

Renewal Period

The day the certificate must be renewed, as a number of days before the certificate expiry. For a certificate that expires in E days and a Renewal Period set to P, the renewal starts in E-P days. At 12:00 AM UTC every day, a background process collects the certificates that:

Must be renewed the same day because E-P=0
Failed a previous renewal because E-P<0

For example, to force a certificate renewal the next day, set a P value equal to E-1 before 12:00 AM UTC. At 12:00 AM UTC, E-P will equal 0, and the certificate will be included in the renewal queue for that day.

The restrictions imposed by Apache, Nginx, or Microsoft IIS destinations on other issuance modes do not affect automated renewal. Specifically, these destinations support automated renewal with client-side generated keys and CSRs.

PKCS12 Password

The password of the PKCS #12 for delivering the certificate and its private key in the selected Destinations.

This password is encrypted and stored in the application database.