1. Overview

User certificates identify a user and are used to enforce access control policies. You can control how long user certificates are valid. By default, user certificates are valid for 365 days.

2. Configuring the validity period of user certificates

Set the validity period of user certificates in Console.

  1. Open Console.

  2. Go to Manage > Authentication > Certificates.

  3. Under Configuration, enter a new value for Number of days until expiration of certificate.

  4. Click Save.

3. Expired user certificates

The following message is printed when you try to authenticate with an expired certificate. This example command tries to run docker ps on a remote host named prod_host1.

$ docker --tlsverify -H prod_host1:9998 ps
The server probably has client authentication (--tlsverify) enabled.
Please check your TLS client certification settings

4. Generating new certificates

When your certificates expire, you can generate new ones.

  1. Go to Console.

  2. Log in with your credentials to reauthenticate with Console. This step generates fresh certificates.

    • If you integrated Prisma Cloud with LDAP, log in with your LDAP credentials.

    • If you integrated with SAML, log in with your SAML credentials.

    • If you are using Prisma Cloud users, log in with your Prisma Cloud user credentials.

  3. On the left menu, click Manage > Authentication > Credentials. Non-admin users are taken directly to this page.

  4. Copy the installation script, and run it on your local machine.

    The script installs fresh certificates on your machine.

  5. Verify that your certs are valid by running a Docker command on a host protected by Defender.

    $ docker --tlsverify -H prod_host1:9998 ps
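The message shown in section 3 does not name expiry as the cause, so it helps to read the certificate's expiration date directly, both before regenerating and after step 5. The following is an added example, not part of the original documentation or of the Prisma Cloud installation script. The function name cert_status and the 14-day warning window are illustrative, and the path ~/.docker/cert.pem is an assumption (the Docker CLI's default client certificate location), because the page does not say where the script installs the certificates.

```shell
# Added example: report whether a TLS client certificate is valid, close to
# expiry, or expired. Requires the openssl command-line tool.
#
# Usage:   cert_status FILE [WARN_DAYS]
# Example: cert_status "${DOCKER_CERT_PATH:-$HOME/.docker}/cert.pem" 14
#          (assumed location; adjust to where your certificates are installed)
#
# Return codes: 0 = valid, 1 = expires within WARN_DAYS,
#               2 = already expired, 3 = missing or not a PEM certificate.
cert_status() {
    cs_cert="$1"
    cs_warn="${2:-14}"

    # Read the notAfter field; failure means the file is absent or unparsable.
    if ! cs_end=$(openssl x509 -in "$cs_cert" -noout -enddate 2>/dev/null); then
        echo "UNREADABLE: $cs_cert is missing or not a PEM certificate"
        return 3
    fi
    cs_end="${cs_end#notAfter=}"

    # -checkend N exits non-zero if the certificate expires within N seconds,
    # so N=0 tests for a certificate that has already expired.
    if ! openssl x509 -in "$cs_cert" -noout -checkend 0 >/dev/null 2>&1; then
        echo "EXPIRED: $cs_cert (notAfter: $cs_end)"
        return 2
    fi
    if ! openssl x509 -in "$cs_cert" -noout \
            -checkend $((cs_warn * 86400)) >/dev/null 2>&1; then
        echo "EXPIRING: $cs_cert expires within $cs_warn days (notAfter: $cs_end)"
        return 1
    fi
    echo "OK: $cs_cert (notAfter: $cs_end)"
    return 0
}
```

A return code of 2 confirms that the failure in section 3 is caused by expiry; a return code of 1 means it is time to log in to Console again and rerun the installation script.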