
TLSTool.exe should allow longer SSL certificate duration

When 'EnableTLS' security is configured, and the TLSTool.exe utility is used to create a local self-signed certificate, it creates a certificate with a one-year expiration period. This duration is not documented and can easily lead to a total inter-process communication failure in a year, if the certificate is not replaced.


While it is possible to provide a commercial or enterprise generated certificate, the TLSTool.exe created certificate should be made more flexible:


  1. The "TLSTool.exe create" syntax should be enhanced to allow the expiration period to be specified

  2. It would help if a mechanism was added to warn administrators when the expiration period is approaching... for example in the Tealeaf Status report or in the Portal Logon "Announcements" function.

  3. Auto-deployment via TMS: For large systems, deploying the certificate is a very manual and time-consuming process. It would be better if TMS could pre-deploy the new certificate with a scheduled deployment time... including to the PCAs. At the deployment time/date, the new certificate would be activated and all socket connections would be reset.


  • Eric Stamper
  • Aug 25 2021
How will this idea be used?

This enhancement will provide significant benefits: Avoiding a total end-to-end system failure if the certificate expires unnoticed, and also reducing the deployment effort on large systems.

What is your industry? Healthcare
What is the idea priority? Medium