When 'EnableTLS' security is configured, and the TLSTool.exe utility is used to create a local self-signed certificate, it creates a certificate with a one-year expiration period. This duration is not documented and can easily lead to a total inter-process communication failure in a year, if the certificate is not replaced.
While it is possible to provide a commercial or enterprise generated certificate, the TLSTool.exe created certificate should be made more flexible:
The "TLSTool.exe create" syntax should be enhanced to allow the expiration period to be specified
It would help if a mechanism was added to warn administrators when the expiration period is approaching... for example in the Tealeaf Status report or in the Portal Logon "Announcements" function.
Auto-deployment via TMS: For large systems, deploying the certificate is a very manual and time consuming process. It would be better if TMS could pre-deploy the new certificate with a scheduled deployment time... including to the PCAs. At the deployment time/date, the new certificate would be activated and all socket connections would be reset.
How will this idea be used?
This enhancement will provide significant benefits: Avoiding a total end-to-end system failure if the certificate expires unnoticed, and also reducing the deployment effort on large systems.
What is your industry? Healthcare
What is the idea priority? Medium
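Until a built-in warning exists, an expiry check can be run as a scheduled task. The following is an added example, not part of the original idea or of the product; it assumes the certificate has been exported to a .cer/.crt/.pem file, and the function name, path and 60-day threshold are placeholders.

```powershell
# Added example: report how many days remain before certificate files expire.
# Assumption: each certificate is available as a .cer/.crt/.pem file. The path
# used at the bottom is a placeholder, not the product's real location.
function Get-CertExpiryStatus {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string[]]$Path,
        [int]$WarnDays = 60,             # hypothetical warning window
        [datetime]$Now = (Get-Date)      # injectable for testing
    )
    process {
        foreach ($p in $Path) {
            try {
                $full = (Resolve-Path -LiteralPath $p -ErrorAction Stop).ProviderPath
                $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($full)
            } catch {
                # A missing or unparsable file is reported, not silently skipped.
                [pscustomobject]@{
                    Path = $p; Subject = $null; NotAfter = $null
                    DaysLeft = $null; Status = 'UNREADABLE'
                }
                continue
            }
            # NotAfter is returned in local time, matching Get-Date.
            $daysLeft = [math]::Floor(($cert.NotAfter - $Now).TotalDays)
            $status = if ($daysLeft -lt 0) { 'EXPIRED' } elseif ($daysLeft -le $WarnDays) { 'WARN' } else { 'OK' }
            [pscustomobject]@{
                Path = $p; Subject = $cert.Subject; NotAfter = $cert.NotAfter
                DaysLeft = $daysLeft; Status = $status
            }
            $cert.Dispose()
        }
    }
}

# Example run with a placeholder path. A non-zero exit code lets the
# scheduler or monitoring agent raise an alert.
$results = @(Get-CertExpiryStatus -Path 'C:\path\to\exported-cert.cer' -WarnDays 60)
$results | Format-Table -AutoSize
if ($results | Where-Object { $_.Status -ne 'OK' }) { exit 1 }
```

Run it on every server that holds a copy of the certificate, since a single expired copy is enough to break the connection between two components.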