Forum Discussion

Viv_Richards's avatar
Viv_Richards
Icon for Cirrostratus rankCirrostratus
Aug 25, 2022

Certificate Expiry Email alert configuration

Here are steps to receive certificate expiry email alert

Step 1.

update /config/ user_alert.conf directory with 

alert CERTIFICATE_EXPIRED "Certificate (.*) expired" {
snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.300";
email toaddress="xyz@domain.com"
fromaddress="Certificate_Expiry_Alert"
body="Certificate Expired on BigIP"
}

alert CERTIFICATE_WILL_EXPIRE "Certificate (.*) will expire" {
snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.301";
email toaddress="xyz@domain.com"
fromaddress="Certificate_Expiry_Alert"
body="Certificate will Expire on BigIP"
}

Step 2:

Update /etc/ssmtp/ssmtp.conf with below details
mailhub=mail.domain.com

To update above email kindly execute below command
tmsh modify sys outbound-smtp mailhub mail.domain.com

Verify whether it is updated correctly or not with below command

cat /etc/ssmtp/ssmtp.conf

Step 3:

Test email delivery with below command
echo "Subject: Smtp test mail" | sendmail -vs xyz@domain.com

Kindly make sure, you are able to telnet mail.domain.com at port 25 from BigIP/F5

Step 4:

Create file with below command
Vi Cert_Expiry_Alert.sh
Update Cert_Expiry_Alert file with below command
tmsh run sys crypto check-cert

Step 5:

Provide required permission to script with below command
Chmod +x Cert_Expiry_Alert.sh

Step 6:

Update crontab with below command
Crontab -e
30 13 * * * /usr/bin/bash /var/tmp/Cert_Expiry_Alert.sh

Here 30 implies minutes & 13 implies hours

This cron will be executed daily at 13:30 

# Example of job definition:
# .---------------- minute (0 - 59)
# | .------------- hour (0 - 23)
# | | .---------- day of month (1 - 31)
# | | | .------- month (1 - 12) OR jan,feb,mar,apr ...
# | | | | .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat
# | | | | |
# * * * * * user-name command to be executed

More details about Cron is available at K33730915

 This solution has been tested at version 16