1. Proposed title of this feature request
Certificate expiration notification
Generate Central/Scanner certs on demand

2. What is the nature and description of the request?
There are currently two processes for monitoring/renewing internal certs. For Central & Scanner, customers wait for the banner to appear 15 days prior expiration, then click the link to download new secrets. For Sensor, Collector, and Admission Controller, customers monitor cluster expiration dates and generate a new init bundle.

Two improvements are sought: configurable notification of certificate expiration and the ability to generate Central/Scanner certs prior to the 15-day banner appearing

Policy criteria for certificate expiration may be a simple way to address the first requirement. Adding an always-present link to the UI to regenerate Central/Scanner certs would address the second.

3. Why does the customer need this? (List the business requirements here)
15 days is not sufficient notice for all customers. Customers monitoring multiple clusters with different expiration dates have to regular keep tabs on cluster cert expiration.

4. List any affected packages or components.
Policy criteria, Central UI

ROX-10949 may also be interesting depending on the details.