Windows TLS/SSL certificate expiration

Description

Check for expiring TLS certificates on Windows hosts by advancing the system clock forward one day, one week, and one month. Detect certificates that will expire before they cause outages.

What this Scenario does

This Scenario advances the system clock on your Windows hosts forward by one day, one week, and one month. This triggers certificate validation logic and reveals any TLS/SSL certificates that will expire within those time windows—without waiting for them to actually expire.

Why run this Scenario?

  • Proactively identify expiring certificates on Windows infrastructure, including IIS-hosted services.
  • Test certificate rotation automation in Windows Certificate Store and Active Directory Certificate Services.
  • Verify that monitoring detects upcoming certificate expirations on your Windows hosts.
  • Validate that Windows Time Service (W32Time) recovers correctly after the time shift.

Expected outcome

If a TLS certificate expires without renewal, the service on the Windows host fails gracefully and alerts trigger immediately.

Target
Microsoft Windows
Windows
Experiments
Time Travel
Time Travel
Preview
Runtime:  
5 minutes