Forum Discussion
Certificate Expiry Email alert configuration
Here are steps to receive certificate expiry email alert
Step 1.
update /config/ user_alert.conf directory with
alert CERTIFICATE_EXPIRED "Certificate (.*) expired" {
snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.300";
email toaddress="xyz@domain.com"
fromaddress="Certificate_Expiry_Alert"
body="Certificate Expired on BigIP"
}
alert CERTIFICATE_WILL_EXPIRE "Certificate (.*) will expire" {
snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.301";
email toaddress="xyz@domain.com"
fromaddress="Certificate_Expiry_Alert"
body="Certificate will Expire on BigIP"
}
Step 2:
Update /etc/ssmtp/ssmtp.conf with below details
mailhub=mail.domain.com
To update above email kindly execute below command
tmsh modify sys outbound-smtp mailhub mail.domain.com
Verify whether it is updated correctly or not with below command
cat /etc/ssmtp/ssmtp.conf
Step 3:
Test email delivery with below command
echo "Subject: Smtp test mail" | sendmail -vs xyz@domain.com
Kindly make sure, you are able to telnet mail.domain.com at port 25 from BigIP/F5
Step 4:
Create file with below command
Vi Cert_Expiry_Alert.sh
Update Cert_Expiry_Alert file with below command
tmsh run sys crypto check-cert
Step 5:
Provide required permission to script with below command
Chmod +x Cert_Expiry_Alert.sh
Step 6:
Update crontab with below command
Crontab -e
30 13 * * * /usr/bin/bash /var/tmp/Cert_Expiry_Alert.sh
Here 30 implies minutes & 13 implies hours
This cron will be executed daily at 13:30
# Example of job definition:
# .---------------- minute (0 - 59)
# | .------------- hour (0 - 23)
# | | .---------- day of month (1 - 31)
# | | | .------- month (1 - 12) OR jan,feb,mar,apr ...
# | | | | .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat
# | | | | |
# * * * * * user-name command to be executed
More details about Cron is available at K33730915
This solution has been tested at version 16
Viv_Richards - thank you for sharing this post. I see that you also created a post in our CrowdSRC section - currently that content is reviewed by our Content Manager prior to publishing ; so it takes a few days sometimes. https://community.f5.com/t5/crowdsrc/certificate-expiry-email-alert-configuration/ta-p/300349
I'll lock this record and request that any continuing conversation happen on the CrowdSRC record.
Thanks again for this excellent submission.
Lief
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com