Lifetime of OCSP certificates Scom best practise

Steve 41 Reputation points
2021-10-14T08:58:52.07+00:00

We have an OCSP certificate with a validity period of 6 weeks, and a renewal period of 1 week
Scom generates alerts 21 days before the certificate expires.
I can make an override for the Certificate lifetimespan to eg 5 days
But if the certificate is renewed this override is no longer valid as the thumbprint has changed
Is it possible to make an override for a certificate with such a short validity period?
Thanks

Operations Manager
Operations Manager
A family of System Center products that provide infrastructure monitoring, help ensure the predictable performance and availability of vital applications, and offer comprehensive monitoring for datacenters and cloud, both private and public.
1,413 questions
0 comments

3 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. CyrAz 5,181 Reputation points
    2021-10-16T14:51:27.637+00:00

    You could create a SCOM group that would dynamically contain every OCSP certificate based on their template, and then create the override for that group.
    Or simply exclude the OCSP certificates from the certificate discovery entirely.

    0 comments
  2. Steve 41 Reputation points
    2021-10-18T11:27:49.967+00:00

    Thanks CyrAz.
    How to create a SCOM group that would dynamically contain every OCSP certificate based on their template?
    141348-ocsp-group.jpg

    Is this the way to create de Scom group?
    Thanks

  3. Steve 41 Reputation points
    2021-10-18T16:34:06.08+00:00

    We manage multiple customers with scom. A gateway server is installed at every customer. This problem occurs with 1 customer.
    In the print screen you see part of the display name as preview, but I ended up using the template name. Without spaces.
    I've created the group, but don't see any members (yet).
    Is it also better to mention the domain of the client in the discovery rule?

    0 comments