Windows Certificate Services – What Controls ‘Close to Expiration’ Event Timing

ad-certificate-services eventviewer windows-event-log windows-server-2019

I have a Windows Server which started logging this warning event 36/37 days before a certificate's expiry date and I would like to understand what controls/sets this timing and how it can be configured.

The certificate in question was not auto-enrolled.

Ultimately, I would like to use this event to send a notification X days before the cert is going to expire.

The source of this event in Event Viewer is CertificateServicesClient-Lifecycle-System>Operational

See here for more context:
https://social.technet.microsoft.com/wiki/contents/articles/14250.certificate-services-lifecycle-notifications.aspx

Best Answer

The certificate is considered as "about to expire" in Windows after it reaches 90% of its validity. You can configure this in GPO as specified in the referenced TechNet Wiki article's "Settings for Autoenrollment added to Group Policy" section: Computer/User Configuration, Windows Settings, Security Settings, Public Key Policies, Certificate Services Client - Auto-Enrollment.
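
The following PowerShell is an added example, not part of the original question or answer. It computes, for each certificate in the local machine store, the date on which 90% of its validity has elapsed (the threshold stated in the answer) and separately flags certificates inside a fixed notification window. The function name `Get-CertExpiryStatus`, its parameters, and the 30-day window are assumptions made for illustration. For a certificate valid for 365 days, the remaining 10% is 36.5 days, which is consistent with the 36/37 days observed in the question.

```powershell
# Added example: report when each certificate crosses the "close to expiration"
# threshold (90% of validity elapsed, per the answer) and whether it is inside
# a fixed notification window of WarnDays before NotAfter.
function Get-CertExpiryStatus {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        [ValidateRange(1, 99)][int]$ElapsedPercent = 90,   # threshold from the answer
        [ValidateRange(1, 3650)][int]$WarnDays = 30,       # hypothetical "X days"
        [datetime]$Now = (Get-Date)
    )
    process {
        $lifetime  = $Certificate.NotAfter - $Certificate.NotBefore
        # Point in time at which ElapsedPercent of the validity period has passed.
        $elapsedTicks = [long]($lifetime.Ticks * $ElapsedPercent / 100)
        $threshold = $Certificate.NotBefore.AddTicks($elapsedTicks)
        $remaining = $Certificate.NotAfter - $Now

        [pscustomobject]@{
            Subject           = $Certificate.Subject
            Thumbprint        = $Certificate.Thumbprint
            NotAfter          = $Certificate.NotAfter
            ThresholdDate     = $threshold
            # How many days before expiry the percentage threshold falls.
            ThresholdLeadDays = [math]::Round(($Certificate.NotAfter - $threshold).TotalDays, 1)
            DaysRemaining     = [math]::Floor($remaining.TotalDays)
            PastThreshold     = $Now -ge $threshold
            Expired           = $remaining -le [timespan]::Zero
            # Fixed-window check, independent of the percentage threshold.
            NotifyNow         = ($remaining -gt [timespan]::Zero) -and
                                ($remaining.TotalDays -le $WarnDays)
        }
    }
}

# Enumerate the local machine "Personal" store and list the soonest expiries first.
Get-ChildItem Cert:\LocalMachine\My |
    Get-CertExpiryStatus -WarnDays 30 |
    Sort-Object DaysRemaining |
    Format-Table Subject, NotAfter, ThresholdLeadDays, DaysRemaining, PastThreshold, NotifyNow -AutoSize
```

`ThresholdLeadDays` scales with the certificate's lifetime, so a percentage-based event fires at a different lead time for each validity period, while `NotifyNow` gives the same lead time for every certificate.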
