The ask is, we do configure Genesys cert at our level to invoke Genesys APIs, before expiration of Genesys cert or before renewal of it could you send us a notification email so that we can take appropriate action from our end.
The Cert which I am using is below one which will get expire on 18th October.
You can check a couple of months before expiry.
I will mention this internally.
Regarding your second question, I still do see expiry is 9/30/23, 9:48:01 AM GMT+5:30
The timestamp you provide here does not correspond to your screenshot.
I don't know if you are going through a proxy or something that interfers with certificates. But if you log on Genesys Cloud Desktop, click on Site information in url (chrome), you should see the certificate used.
The one I see coresponds to the dates I have given above.
To check internally before expiry is not feasible solution. We do have number of Integrations where we need cert of third party system. Currently whenever there is cert renewal third party would send us notification email before renewing the cert stating on which date there are going to renew the cert along with this they do send renewed cert as well.
Let me know how it is being handled in Genesys, how consumers of the Genesys will get to know expiry of cert along with renewed cert.
@Priti we do not publish those certs in advance to my knowledge. If you believe this will cause an operational impact for you, please open a case with Genesys Cloud Care to report this as an issue for your company. Care should be able to address your concern more directly.
Hi Tim,
Can you share certs for login.usw2.pure.cloud and api.usw2.pure.cloud?
I do see in new and old crt(M02) second level cert name has been changed along with serial number too, practically in case of renewal only serial number must get changed.
Standard operating procedure is to trust the root CA so that the browser will automatically trust the cert issued by that CA. If your IT team has imposed a requirement that you may not trust root CAs and must trust each cert individually in each of your 150+ applications, your scalability concern should be raised with your IT team; that is not a requirement being imposed by Genesys.
Yeah I am entirely unclear what you're doing but it sounds fundamentally wrong and agree with Tim that you shouldn't have to know specific certs or care about expirations as long as they get replaced before they expire. As long as the cert itself is valid and came from a trusted source you should be fine and if your requirements are more stringent than that you absolutely should have your own automation that tests and warns about certs nearing expiration or about to change, it's not on the rest of the internet to warn you.
I have a process of my own that monitors all the certs on my sites use to make sure they get updated before expiring, so can attest the automation for that is trivial.