Alerts

Alerts are indicated by red badges in the UI TOCClosedTable of Content. The left pane in the Web UI. pane. Alert indication also appears when listing or showing impacted item's settings.

In UI, a number in a badge indicates the number of affected items. Navigating to the Alert Message:

  1. In a TOCClosedTable of Content. The left pane in the Web UI. pane, click the item that has the red badge.
    Presentation of an alert in the TOC pane
  2. → The corresponding page appears.

    If the page has the secondary TOCClosedTable of Content. The left pane in the Web UI. (like the Config page), the second red badge will mark the affected area. Eventually, you will reach the table that contains the source of the alert. In the table, the items that require your attention are highlighted in red.

  3. To examine the alert details, select the item and, as needed, click the "Show info" command.

Summary of Alerts

ACTIVATION_CODE_ABOUT_TO_EXPIRE
Expiration of a long term ACClosedActivation Code assigned to a client is due in less than the specified warning period. Applies to CORE client-templates and registered clients. See AC Expiry AlertAlerts
ACTIVATION_CODE_EXPIRED
ACClosedActivation Code has expired. Applies to long term and short term activation codes.
CERT_ABOUT_TO_EXPIRE
Expiration of identity or trust certificate is due in less than the specified warning period. Applies to CORE servers, clients, and RootCA. See Certificate Expiry AlertAlerts
CERT_EXPIRED
The specified certificate (CORE server, client, or Root CA) has expired.
DB_BACKUP_FAILURE
Automatic database backup has failed.
DB_BACKUP_INCONSISTENT
Automatic database backup of EP and its Partner has mismatching items.
IS_LOCKED
The template for ephemeral client is locked-out. It blocks the generation of ephemeral clients that depend on this template.
KEY_ACTIVATION_IS_APPROACHING
A key is scheduled for activation and it is due in less than the specified warning period.
KEY_DEACTIVATION_IS_APPROACHING
A key is scheduled for deactivation and it is due in a less than the specified warning period.
KEY_ROTATION_IS_APPROACHING
A key is scheduled for rotation and it is due in less than the specified warning period.
OUT_OF_SYNC
MPCClosedMultiparty computation - A methodology for parties to jointly compute a function of their inputs while keeping those inputs private.-shares of a key in EP and Partner databases are misaligned.
RENEW_REQUIRED
The client trust repository must be renewed. See Client Trust Store Alert.
RESTART_REQUIRED
The EKMClosedEnterprise Key Management - previous name of the product. service restart is required. Reminds the Root SOClosedSecurity officer - UKC partition administrator role. that activation of a particular system setting's change requires restarting the service.
In CLIClosedCommand Line Interface this alert is indicated by the requireRestart value in the ucl server test output.
SECRET_ABOUT_TO_EXPIRE
Applies to clients that are created using time-constrained secrets.
SECRET_EXPIRED
Applies to clients that are created using time-constrained secrets.

AC Expiry Alert

ACClosedActivation Code expiry alerts is enabled for activation codes that a valid for more than one day. For such ACClosedActivation Code the alert is turned on as follows:

  • if an ACClosedActivation Code is valid for more than a week, the system turns on the alert 7 days before its expiry.
  • else it turns on the alert 24 hours before its expiry.

Certificate Expiry Alert

  • Server certificate
  • <CORE Server Name> certificate expires in <M>months, <W> weeks, <D> days

    This alert is raised when the server's certificate validity approaches its end. In particular, when the number of days before its expiry is less than the server-pre-expiry system setting.

    To mitigate the potential issue, renew the specified server's certificate. See ekm_renew_server_certificate.

  • Client certificate
  • Client certificate expires in <M>months, <W> weeks, <D> days

    This alert is raised when the client's certificate validity approaches its end. In particular, when the number of days before its expiry is less than the client-pre-expiry system setting.

    To mitigate the potential issue, renew the specified client's certificate. See ucl renew.

Client Trust Store Alert

Client trust repository must be renewed

This alert is raised when the Root CA certificate:

  1. Has been updated on EP.
  2. The new Root CA certificate is missing from the client's trust store.

Note
The problem might occur once the EP server renews its SSLClosedSecure Sockets Layer - a cryptographic protocol that provides communications security over a computer network. certificate. The renewed certificate is signed by the new Root CA. Because of this, clients that have not obtained the new Root CA certificate will fail to validate EP's certificate and will refuse to connect to it.

To mitigate the potential issue, use one of the following commands on the affected client:

  • ucl root_ca - to update the trust store.
  • ucl renew - to renew the client's certificate and to update the trust store.