For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

amoxi_100233's avatar
amoxi_100233
Icon for Nimbostratus rankNimbostratus
Dec 18, 2007

Block Web Application when SSL cert expires

Hello,     Is there a way to check the expiry date for the SSL certificate installed on the F5 LTM? Can F5 stop forwarding to the pool members if the cert is expired?     Please advice. ...
application delivery
dev
devops
iRules
hoolio's avatar
hoolio
Icon for Cirrostratus rankCirrostratus
Dec 18, 2007
In more recent LTM versions, a message is logged and an SNMP trap/email can be generated when a cert is going to expire within 30 days or has already expired. This is described in SOL7574

 

(Click here).

 

 

I'm not sure there is a way to get details on the cert the LTM is presenting to clients in an iRule. If there isn't, you might be able to write an iControl program which checks the the validity of each virtual server's SSL certificate and disables the VIP if it is expired.

 

 

But I would think/hope getting a 30 day notice the cert is about to expire would allow you to avoid the failure altogether.

 

 

Aaron