Forum Discussion
MSurfer_152388
Nimbostratus
NimbostratusiCALL and Cert expiry dates
Hi, we have a number of LTMs with tons of certificates on them due to huge number of services deployed. How could we "use/set-up" iCALL so that we get alerted ..lets say 40 days in advance of the Cer...
Arnaud_Lemaire
Employee
EmployeeHere is the final code. periodic handler is calling the script every day. you can activate the script with "generate sys icall event CHECK_CERT". If cert is close to 45 days, log will be send in /var/log/ltm that you can syslog to you supervision infrastructure.
sys icall handler periodic certificate_periodic_handler {
first-occurrence 2014-09-26:21:57:49
interval 86400
script monitor_certificate
}
sys icall handler triggered certificate_handler {
script monitor_certificate
subscriptions {
sub1 {
event-name CHECK_CERT
}
}
}
sys icall script monitor_certificate {
app-service none
definition {
set current_date [exec date +%s]
puts "date: $current_date"
date offset for 45 days : 45x24x60x60 = 3888000
set date_offset 3888000
foreach certificate [tmsh::get_config sys crypto cert] {
set expiration [tmsh::get_field_value $certificate "expiration"]
puts "expiration: $expiration"
set exp_unix [exec date --date=$expiration +"%s"]
puts "exp unix: $exp_unix"
set cert_name [tmsh::get_name $certificate]
if { [expr ($exp_unix - $date_offset) < $current_date] } {
puts "cert warning: $cert_name close to expiration date"
exec logger -p local0.notice "Certificate Warning: $cert_name close to expiration date"
} else {
puts "cert ok: $cert_name"
}
}
}
description none
events none
}
