Configuring value thresholds using Account Preferences
Throughout Venafi Platform, the system shows you information based on thresholds that you create to ensure you are protecting your key and certificate data in accordance with your organization's policies and objectives. Venafi Platform is designed to give you flexibility in providing warnings based on thresholds you define. These thresholds affect not only the data you see across the dashboards, but also apply to the way keys and certificates are reported to you throughout Venafi Platform.
Users can access the Account Preferences screen to configure these thresholds for themselves. Additionally, system administrators can set and lock values, so all users in the organization must use the same settings.
Setting threshold values for an individual
- On the menu, click the user icon, then click Preferences.
- From the left, select a product (TLS Protect & Client Protect; SSH Protect; or CodeSign Protect) depending on which settings you with to modify.
- Modify the threshold values as needed.
- Click Save.
Setting threshold values across the organization
- Log in as the master admin.
- On the menu, click on the user icon, then click Preferences.
- From the left, select a product (TLS Protect & Client Protect; SSH Protect; or CodeSign Protect) depending on which settings you with to modify.
- Modify the threshold values as needed.
-
Click the lock icon
to prevent others in your organization from setting a different personal value. If the value is locked, and you want users to be able to configure this value for themselves, click the unlock icon
.
NOTE Modifying these values without locking them will only modify them for your account, not for other users in your organization. Locking these values locks the value for all users.
- Click Save.
TLS Protect and Client Protect settings
Name |
Default |
Description |
---|---|---|
Flag certificates which use a key algorithm with a strength of | 80 (bits) | For some key types, smaller key lengths are less secure, You can choose to flag and report certificates that use shorter key length algorithms. This value is stored in bits. |
Flag certificates with a validity period greater than | 397 (Days) | Certificates with long validity periods may be more susceptible to being compromised. Set this value in days. (The default is 397 days.)1 |
Weak Signing Algorithm | None | Allows and reports algorithms considered to be less secure or outdated for signing operations. |
Flag certificates as Expired - Long Term if expired for longer than | 30 (Days) | Expired certificates are grouped into two categories: (1) Expired - short term; and (2) Expired - long term. This helps you with analysis and reporting to recognize items that have recently expired so you can take action on them, if necessary. Set this value in days. |
Flag certificates as Expiring Soon if expiring in less than | 30 (Days) | To give you enough time to take action on a soon-to-expire certificate, the system begins warning you before a certificate will expire. This value controls how early you want to be alerted to expiring certificates. Set this value in days. |
Support Large Object Trees | No | Setting to "Yes" will force all users' administration consoles to launch in query mode. See Start the console in Query mode |
SSH Protect settings
Name |
Default |
Description |
---|---|---|
Flag certificates which use a key algorithm with a strength of | 80 (bits) | For some key types, smaller key lengths are less secure, You can choose to flag and report certificates that use shorter key length algorithms. This value is stored in bits. |
Flag keys as Unused Authorized Keys if not used for | 365 (Days) | SSH Protect tracks authorized key usage. If an authorized key has not been used for a long period of time it may be time to remove the key so it no longer has any access to your systems. This helps protect your system so old keys can't be used to access the system by somebody who is no longer authorized to have access. Set this value in days. |
CodeSign Protect settings
On the CodeSign Protect User Preferences, you can re-enable the First Project dialog, as if you are logging into the product for the first time. Click Clear Setting to see this dialog again.