Forum Discussion
MSurfer_152388
Nimbostratus
NimbostratusiCALL and Cert expiry dates
Hi, we have a number of LTMs with tons of certificates on them due to huge number of services deployed. How could we "use/set-up" iCALL so that we get alerted ..lets say 40 days in advance of the Cer...
Arnaud_Lemaire
Employee
EmployeeHi i'm currently working on it. Need to transform in periodic icall, and create the alerting
you can trigger the even so far with generate sys icall event MY_EVENT and review logs in tail -f /shared/tmp/scriptd.out
sys icall handler triggered certificate_handler {
script monitor_certificate
subscriptions {
sub1 {
event-name MY_EVENT
}
}
}
sys icall script monitor_certificate {
app-service none
definition {
set current_date [exec date +%s]
fake date to test
set current_date 1634204740
puts "date: $current_date"
date offset for 45 days : 45x24x60x60 = 3888000
set date_offset 3888000
set certificates [tmsh::get_config sys crypto cert]
foreach certificate [tmsh::get_config sys crypto cert] {
set certificate [lindex $certificates 0]
puts "[lindex [[$certificates 0]0]]"
set expiration [tmsh::get_field_value $certificate "expiration"]
puts "expiration: $expiration"
set exp_unix [exec date --date=$expiration +"%s"]
puts "exp unix: $exp_unix"
if { [expr ($exp_unix - $date_offset) < $current_date] } {
puts "cert warning"
} else {
puts "cert ok"
}
}
}
description none
events none
}
