Preferences

The Preferences option on the User Menu takes you to your Account Preferences page, where you can configure specific settings, including customizing the product menus (for supported products).

Throughout system, you see information based on thresholds that you create. This helps to ensure you are protecting your key and certificate data in accordance with your organization's policies and objectives. Venafi Platform is designed to give you flexibility in providing warnings based on thresholds you define. These thresholds affect not only the data you see across the dashboards, but also apply to the way keys and certificates are reported to you throughout Venafi Platform.

You can access Preferences from the User menu to configure these thresholds for yourself.

The master admin can lock values to ensure all users in the organization use the same settings.

Setting threshold values for an individual

  1. On the menu, click the user icon, then click Preferences.
  2. From the left, select a product (TLS ProtectClient Protect; SSH Protect; or CodeSign Protect) depending on which settings you with to modify.
  3. Modify the threshold values as needed.
  4. Click Save.

Setting threshold values across the organization

  1. Log in as the master admin.
  2. On the menu, click on the user icon, then click Preferences.
  3. From the left, select a product (TLS ProtectClient Protect; SSH Protect; or CodeSign Protect) depending on which settings you with to modify.
  4. Modify the threshold values as needed.
  5. Click the lock icon to prevent others in your organization from setting a different personal value. If the value is locked, and you want users to be able to configure this value for themselves, click the unlock icon .

    NOTE  Modifying these values without locking them will only modify them for your account, not for other users in your organization.

  6. Click Save.

TLS Protect and Client Protect settings

Account Preferences settings for TLS Protect and Endpoint Protect

Name

Default

Description

Flag certificates with a key smaller than 2048 (Bits) For some key types, smaller key lengths can be less secure, and you may want to ensure small keys are flagged by the system. This value is stored in bits.
Flag certificates with a validity period greater than 397 (Days) Certificates with long validity periods may be more susceptible to being compromised. Set this value in days. (The default is 397 days.)1
Approved Signing Algorithm SHA256, SHA384, SHA512 Select from the list of signing algorithms the ones you want to trust as 'approved.' Certificates with signing algorithms not in this list will be marked as a security risk. To see a full list of algorithms, click inside the box.
Flag certificates as Expired - Long Term if expired for longer than 30 (Days) Expired certificates are grouped into two categories: (1) Expired - short term; and (2) Expired - long term. This helps you with analysis and reporting to recognize items that have recently expired so you can take action on them, if necessary. Set this value in days.
Flag certificates as Expiring Soon if expiring in less than 30 (Days) To give you enough time to take action on a soon-to-expire certificate, the system begins warning you before a certificate will expire. This value controls how early you want to be alerted to expiring certificates. Set this value in days.
Flag certificates that are Within the second half of their renewal period Helps you identify certificates that need renewal only after they have reached a point in their life cycle (half way, for example). This is more flexible than a number of days, as it takes into account the overall validity period.

SSH Protect settings

Account Preferences settings for TLS Protect and Endpoint Protect

Name

Default

Description

Flag keys with a key smaller than 1024 (Bits) Smaller keys are typically less secure keys, and you may want to ensure small keys are flagged by the system. This value is stored in bits.
Flag keys as Unused Authorized Keys if not used for 365 (Days) SSH Protect tracks authorized key usage. If an authorized key has not been used for a long period of time it may be time to remove the key so it no longer has any access to your systems. This helps protect your system so old keys can't be used to access the system by somebody who is no longer authorized to have access. Set this value in days.

CodeSign Protect settings

On the CodeSign Protect User Preferences, you can re-enable the First Project dialog, as if you are logging into the product for the first time. Click Clear Setting to see this dialog again.

Customizing product menus

From the Preferences menu you can customize your product menus. If you are a master admin, you can also customize the default menus for your organization's users.

For information on customizing the product menus, see Customizing the product menus.