Forum Discussion
Dev_56330
Cirrus
CirrusSNMP Trap for Expired Certificates
Can anyone provide an example of the useralert.conf file displaying a trap for expired certificates on the Big IP? I have read the article below though it is still not clear to me on how to perform ...
this is mine. you may have to correct the matched message in user_alert.conf.
sol14318: Monitoring SSL certificate expiration on the BIG-IP system (11.x)
http://support.f5.com/kb/en-us/solutions/public/14000/300/sol14318.htmlsol11127: Testing SNMP traps on the BIG-IP system (9.4.x - 11.x)
http://support.f5.com/kb/en-us/solutions/public/11000/100/sol11127.htmle.g.
// config [root@ve11a:Active:In Sync] config cat /config/user_alert.conf alert TEST "Certificate (.*) in file (.*) will expire on (.*)" { email toaddress="nitass" fromaddress="whatever" body="Help, I am going to expire." } // test [root@ve11a:Active:In Sync] config logger -p local0.warn "01420007:4: Certificate CN=www.com,L=Seattle,ST=WA,C=US in file /Common/site1.crt will expire on May 27 14:56:25 2014 GMT" [root@ve11a:Active:In Sync] config // email -----Original Message----- From: root [mailto:root@ve11a.acme.local] Sent: Saturday, August 16, 2014 3:36 PM To: Nitass Subject: 01420007:4: Certificate CN=www.com,L=Seattle,ST=WA,C=US in file /Common/site1.crt will expire on May 27 14:56:25 2014 GMT Help, I am going to expire.
PeteWhite
Employee
Employee"tmsh run sys crypto check-cert verbose enabled stdout enabled" will show you the certificate states
Example alert.conf entries:
* from gtmd/big3d (CR87209)
*/
alert BIGIP_GTMD_GTMD_SSL_CERT_EXPIRED {
snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.83";
}
alert BIGIP_GTMD_GTMD_SSL_CERT_WILL_EXPIRE {
snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.84";
email toaddress="anyone@anywhere.com"
fromaddress="root"
body="A certificate is about to expire"
}
alert BIGIP_BIG3D_BIG3D_SSL_CERT_EXPIRED {
snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.81";
}
alert BIGIP_BIG3D_BIG3D_SSL_CERT_WILL_EXPIRE {
snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.82";
}