Forum Discussion
Certificate expiry monitoring
Hello Everyone!
Would like to ask how you monitor your certs in your F5s? we would like to monitor the certificate expiry on our F5. I am checking our logs on ltm but it seems that the normal certs are not being logged. I only see cert bundles. Can you share how you monitor the certs expiry on f5?
- f51
Cirrocumulus
Try - Sending an advance email alert for impending SSL certificate expiration
https://my.f5.com/manage/s/article/K15288If you have an F5 BIG-IQ device, it offers centralized management and monitoring of your F5 devices, including SSL certificates. BIG-IQ can send alerts when certificates are about to expire.
You can write custom scripts (e.g., in Python or Bash) that periodically query the F5 device for certificate information using the iControl REST API. These scripts can then send notifications via email, Slack, or other messaging services when a certificate is nearing its expiry date. Here's a simple example in Python:
import requests
from requests.auth import HTTPBasicAuthf5_ip = '<F5-IP>'
username = 'admin'
password = 'password'response = requests.get(f'https://{f5_ip}/mgmt/tm/sys/file/ssl-cert', auth=HTTPBasicAuth(username, password), verify=False)
certs = response.json().get('items', [])for cert in certs:
cert_name = cert['name']
expiration_date = cert['expirationDate']
print(f"Certificate {cert_name} expires on {expiration_date}") For starters, you can keep the F5 bundle updated regularly by configuring the update interval on newer BIG-IP software versions: https://my.f5.com/manage/s/article/K000132397. This is not enabled by default, and I usually update the F5 bundle on any F5 software upgrade.
You can retrieve a list of expired SSL certificates via API calls. Please take a look at the following: https://my.f5.com/manage/s/article/K000092658#api. If you have a management system running Linux, you could easily use Python to write a script and email out a weekly report for example of active SSL certificates and how many days are remaining until expiration.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com