Currently, the Guardium Venafi integration does not support automatic renewal of certificates generated by Venafi. This means that Guardium administrators still have to check for certificate expiry (for example, by responding to the certificate expiry warnings shown after GUI login). When the warning is shown, the administrator then needs to get a new access token and configure the integration with the store certificate cms command. The configuration can then be distributed to the rest of the units, and the administrator can initiate the certificate requests for the CM and all managed units.
Automating the certificate renewal process would reduce the administrator effort needed to maintain certificates, especially in large environments with multiple central managers.
This could be implemented by creating a scheduled job that checks for certificates that are due to expire and requests a new certificate from Venafi. To implement this, the methods used to authenticate with Venafi would also have to be enhanced, as it is likely that access tokens would have expired by the time the renewal needs to be initiated.