Forum Discussion

Dev_56330's avatar
Dev_56330
Icon for Cirrus rankCirrus
Aug 15, 2014

SNMP Trap for Expired Certificates

Can anyone provide an example of the useralert.conf file displaying a trap for expired certificates on the Big IP? I have read the article below though it is still not clear to me on how to perform ...
  • nitass_89166's avatar
    Aug 16, 2014

    this is mine. you may have to correct the matched message in user_alert.conf.

    sol14318: Monitoring SSL certificate expiration on the BIG-IP system (11.x)

    http://support.f5.com/kb/en-us/solutions/public/14000/300/sol14318.html

    sol11127: Testing SNMP traps on the BIG-IP system (9.4.x - 11.x)

    http://support.f5.com/kb/en-us/solutions/public/11000/100/sol11127.html

    e.g.

    // config
    
    [root@ve11a:Active:In Sync] config  cat /config/user_alert.conf
    alert TEST "Certificate (.*) in file (.*) will expire on (.*)" {
       email toaddress="nitass"
       fromaddress="whatever"
       body="Help, I am going to expire."
    }
    
    // test
    
    [root@ve11a:Active:In Sync] config  logger -p local0.warn "01420007:4: Certificate CN=www.com,L=Seattle,ST=WA,C=US in file /Common/site1.crt will expire on May 27 14:56:25 2014 GMT"
    [root@ve11a:Active:In Sync] config 
    
    // email
    
    -----Original Message-----
    From: root [mailto:root@ve11a.acme.local] 
    Sent: Saturday, August 16, 2014 3:36 PM
    To: Nitass
    Subject: 01420007:4: Certificate CN=www.com,L=Seattle,ST=WA,C=US in file /Common/site1.crt will expire on May 27 14:56:25 2014 GMT
    
    Help, I am going to expire.