Hi, We have an existing CA that has issued a nunmber of certificates. A challenge is to keep track of the expiration date on web server certificates issued without auto enrollment. Can FIM provide a good overview of issued certificates and provide alerts when it's time to renew certificates about to expire? Best regards, Danielwww.twitter.com/danielullmark

On Tue, 15 Nov 2011 09:32:15 +0000, Ullmark wrote: We have an existing CA that has issued a nunmber of certificates. A challenge is to keep track of the expiration date on web server certificates issued without auto enrollment. Can FIM provide a good overview of issued certificates and provide alerts when it's time to renew certificates about to expire? A qualified yes. FIM CM can send an email notification when the certificate enters the renewal period, however: 1. By default it only sends 1 notification. If you need to continue to send reminders then you need to look at doing something with the Notification API. 2. It will only send the notification to the original subscriber. What if that user is no longer with the org or no longer has responsibility for the cert? Again, you need to look at using the Notification API. Another option here is to look at the solution from Venafi: http://www.venafi.com/products/certificate-manager/ Paul Adare MVP - Forefront Identity Manager http://www.identit.ca Everybody needs a little love sometime; stop hacking and fall in love!

Hi, How can we configure FIM CM to send out re-newal notifications? Can it be done through the FIM CM manager web UI? Thanks.

You must use the FIM CM Update Service's account as the initiator for either Renew workflows or for Online Update workflows (both can be used for initiating renewals). Then set up the workflow so an email is sent to the subscriber with an OTP/OTPs so that they can complete the Renewal/Online Update workflow. As Paul stated, it will send *one* email, and *one* email only Brian