Auto-Tidy Disabled
Take the necessary steps to ensure that vHSM’s auto-tidy functionality is enabled, allowing for efficient and regular cleanup of revoked certificates, expired certificate data, and related resources.
This health check ensures that vHSM’s auto-tidy functionality is enabled with appropriate settings to clean up revoked certificates, expired cert data, and related resources regularly and efficiently.
Health Check Name: enable_auto_tidy
enable_auto_tidyAccessed APIs
READ
/config/auto-tidy
Retrieves the auto-tidy configuration.
Configuration Parameters
interval_duration_critical
7d
Maximum interval duration allowed before marking status as Critical.
interval_duration_warning
2d
Maximum interval duration allowed before marking status as Warning.
pause_duration_critical
1s
Maximum pause duration allowed before marking status as Critical.
pause_duration_warning
200ms
Maximum pause duration allowed before marking status as Warning.
Health Check Description
This health check verifies:
Whether auto-tidy is enabled.
Whether
interval_durationandpause_durationare set within best-practice thresholds.
Health Check results
Informational
Auto-tidy is disabled. This is a best practice recommendation but not mandatory.
Warning / Critical
interval_duration or pause_duration values exceed the defined thresholds, potentially impacting performance or certificate lifecycle management.
Recommended Actions
To remediate warnings or critical statuses and enable optimal certificate lifecycle management:
Enable Auto-Tidy with Recommended Defaults
vhsm write <mount>/config/auto-tidy \
enabled=true \
tidy_cert_store=true \
tidy_revoked_certs=true \
tidy_acme=true \
tidy_revocation_queue=true \
tidy_cross_cluster_revoked_certs=true \
tidy_revoked_cert_issuer_associations=trueLast updated
Was this helpful?