Forum Discussion
Matt_H_58911
Nimbostratus
NimbostratusSNMP and SSL certs
I hope this is an easy one, I have not been able to find where this cert is.... Maybe someone can help. I monitor my F5 using SNMP as probably everyone else does. A few days ago I recieved and SSL alert that a cert was expiring
SSL certificate due to expire soon (expires on: 2009-12-10 06:52:43,cert:/C=--/ST=3DWA/L=3DSeattle/O=MyCompany/OU=3D1228891962/CN=3Ddhcp-125/emailAddress=root@dhcp-125)
Looking at the SSL Certificates it appears this is the default certificate, as it contains the same information.... Except my default cert says the experation dat is Dec 8, 2018.
My monitoring tool keeps picking the old cert up, where would this be on the F5? Maybe I can just delete it via command line as its not showing in the GUI????
Thanks,
Matt
5 Replies
hoolioCirrostratus
Hi Matt,
Which LTM version are you running? Do you see the default.crt cert under /config/ssl/ssl.crt/?
Aaron
Matt_H_58911Hoolio,
Running LTM 9.4.5 and yes I do see the defualt.crt within /config/ssl/ssl.crt/
The gui shows:
default Certificate & Key localhost.localdomain MyCompany Dec 8, 2018 <-- Expiration date- hoolioMaybe it's the GUI's cert/key then?
/etc/httpd/conf/ssl.crt/server.crt
/etc/httpd/conf/ssl.key/server.key
Aaron - Matt_H_58911Aaron,
Yup that's what it is.... Since I added an expection in my browser it was not alerting me, just so happens our monitoring tool picked it up. I take it this is a self signed cert..... I can just sign myself another one since this url is only used for management right? - hoolioThat's correct, this is just for the admin GUI. You can also copy the default.crt/default.key and overwrite the server.crt/server.key.
Aaron
