Forum Discussion
.pfx certificates monitoring
With respect to below KB article for SSL certificate monitoring, can anyone please suggest how to monitor .pfx certificate in same way??
Hi
I don't think you need to do anything as the Bigip doesn't store the certificate as a pfx. As soon as you import it it goes into a pem format with the certificate+chain goes into one file and the key into another.
- sarodeumesh45Nimbostratus
Thanks for the response.
Actually i have configured weekly cron job for certificate expiry check & it getting run. But the thing is that, the warning i am getting on GUI (If getting expire in 1 month) for which i am not getting any alerts in this cron job.
Could you please suggest why not getting alerts from expiry cert. Below is what i have configured in weekly cron
/usr/bin/tmsh run sys crypto check-cert | logger -p local0.warning
/usr/bin/tmsh -c "cd /; run sys crypto check-cert" | logger -p local0.warningI would run the command manually and see what turns up in /var/log/ltm, or just run them without the pipe to see what they output.
I'm not sure what happens when you have the certificates in partitions other than Common, I have always used Common for certificates and ssl profiles. When dealing with automation it is just so much easier that way.
- sarodeumesh45Nimbostratus
Thanks for the response.
I run the command without pipe & i see some certificates logs in ltm file. But i did not see all expiring certificates warnings in ltm but have received few of them but no all from the partitions.
Could you please suggest?
Just for the fun of it can you move the expired certificates into Common, and then run the script, to see if there are any relations to where they are stored?
- sarodeumesh45Nimbostratus
Thanks for the response.
Yes, when i imported one of the expiring cert into common partition from other partition & run the script, i can see that cert alert now.
Also its not a case as noting from other partition cert alerts are generating but not all.
Its really strange thing!!!!!!!!!!
Now could you please suggest what would be the issue here?
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com