Product: TIBCO Spotfire®
Spotfire Server certificate expiration new behaviour (since 7.11.7, 10.7 and latest 10.3 service pack) and how to configure expiration time.
Spotfire Server back-end trust certificate has been valid for 12 months and renewed with restart of Spotfire Server up until new versions 7.11.7, 10.7 and latest 10.3 service pack.
The behaviour for versions prior to this and how to handle it is described in the below KB Article:
https://support.tibco.com/s/article/Spotfire-Server-certificate-expiration
The default behaviour is changed so that certificates (both TIBCO Spotfire Server and Node Manager) are renewed if less than half of the certificate's validity period remains. For existing certificates (which, assuming the default configuration, have a validity of one year) this means that it's sufficient to restart the Spotfire Server or Node Manager once every six months to ensure that it always has a valid certificate. The default certificate validity is also prolonged from one to two years, so for new certificates it will be sufficient to restart once a year.
Configuring validity time can be done with the settings in configuration.xml:
security.ca.validity-period-end-entity-certs -- default is now 730, earlier it was set to 365
??????security.ca.validity-period-ca-certs -- default is 3650
Where end-entity is for Spotfire Server / Node Manager.
These two settings do only affect new certificates, so if you want these changes to valid for older certificates as well you have to first un-trust the Nodes or run the reset-trust command from command line.
To edit configuration.xml export the active configuration, edit in the XML file directly and then import again.
Documentation of how to edit configuration:
https://docs.tibco.com/pub/spotfire_server/10.3.4/doc/html/TIB_sfire_server_tsas_admin_help/GUID-C584A115-D1A5-4940-904F-C9A9E8F4F425.html
Example of how you could configure this using command line:
set-config-prop -n "security.ca.validity-period-end-entity-certs" -v "desired value"