pr
Aug 22, 2017

SSL cert expiration email notification not working properly

Hi Guys,

 

I am facing an interesting issue with SSL cert expiration, even though I have deployed the configuration based on SOLK15288 (Sending an advance email alert for impending SSL certificate expiration). I am only getting email notifications for some of the certs, not all. So for example, if I run the command "run sys crypto check-cert" I get the below o/p. In the shared o/p I am receiving notifications for only some of the certs, not all. At the bottom of the o/p I have pasted my configuration:

 

CN=.customertrades.com,OU=ERCOT Trading,O=Direct Energy LP,L=Houston,ST=Texas,C=US in file /Common/MarketPro_1.crt expired on May 7 23:59:59 2017 GMT
CN=.customertrades.com,OU=ERCOT Trading,O=Direct Energy LP,L=Houston,ST=Texas,C=US in file /Common/Marketpro.crt expired on May 7 23:59:59 2017 GMT
CN=PowerPortfolioPreProdService.Directenergy.com,OU=IT,O=Direct Energy Marketing Limited,L=Toronto,ST=Ontario,C=CA in file /Common/PowerPortfolioPreProdService.Directenergy.com.crt expired on Jul 1 23:59:59 2017 GMT
CN=PowerPortfolioService.Directenergy.com,OU=IT,O=Direct Energy Marketing Limited,L=Toronto,ST=Ontario,C=CA in file /Common/PowerPortfolioService.Directenergy.com.crt expired on Jul 1 23:59:59 2017 GMT
CN=corporateappservices.directenergy.com,OU=Digital IS,O=Direct Energy Marketing Limited,L=Toronto,ST=Ontario,C=CA in file /Common/corporateapp.crt expired on Jul 26 23:59:59 2017 GMT
CN=mobileoam.directenergy.com,OU=Digital IS,O=Direct Energy Marketing Limited,L=Toronto,ST=Ontario,C=CA in file /Common/mobileoam_key.crt expired on Jul 23 23:59:59 2017 GMT
CN=portal.cplretailenergy.com,OU=Centrica Plc,O=Centrica Plc,street=Millstream Maidenhead Road,L=Windsor,ST=Berkshire,postalCode=SL4 5GD,C=GB,serialNumber=03033654,businessCategory=Private Organization,1.3.6.1.4.1.311.60.2.1.3=13024742 in file /Common/portal.cplretailenergy.com.crt expired on Jul 30 23:59:59 2017 GMT
CN=pp.directenergy.com,OU=Direct Energy Residential,O=Direct Energy, LP,L=Houston,ST=Texas,C=US,serialNumber=800007830,businessCategory=Private Organization,1.3.6.1.4.1.311.60.2.1.2=13055465786173,1.3.6.1.4.1.311.60.2.1.3=13025553 in file /Common/pp.directenergy.com.crt expired on Apr 29 23:59:59 2017 GMT
CN=pp.firstchoicepower.com,O=Direct Energy, LP,L=Houston,ST=Texas,C=US in file /Common/pp.firstchoicepower.com.crt expired on Aug 21 23:59:59 2017 GMT

[root@rtpf502:Standby:In Sync] config more /config/user_alert.conf

alert CERTIFICATE_EXPIRED "Certificate (.*) expired" {
    email toaddress="XXXX@directenergy.com"
    body="Certificate Expired on "
}

alert CERTIFICATE_WILL_EXPIRE "Certificate (.*) will expire" {
    email toaddress="XXXX@directenergy.com"
    body="Certificate will Expire on "
}

 

  • pr

    So to make it clear, I am getting notifications only for the below:

     

    corporateappservices.directenergy.com
    PowerPortfolioPreProdService.Directenergy.com
    CN=.customertrades.com,OU=ERCOT Trading,O=Direct Energy LP,L=Houston,ST=Texas,C=US' in file /Common/Marketpro.crt expired on May 7 23:59:59 2017 GMT
    CN=.customertrades.com,OU=ERCOT Trading,O=Direct Energy LP,L=Houston,ST=Texas,C=US' in file /Common/MarketPro_1.crt expired on May 7 23:59:59 2017 GMT

    Why is this happening?

     

  • pr

    Hi Guys/Senior members,

     

    Can you please have a look at the shared issue, as I am having a hard time solving it.

     

  • Your post alignment is hard to read. QQ,

     

    1. How many certs are installed on the box?
    2. How many certs are expiring in the next 30 days?
    3. How many certs are already expired and are on the box?
    4. How many notifications have you got so far?
    5. How many log entries are present in /var/log/ltm?
    Based on this entry alone your alert.conf will trigger the mail. I hope the entries in your /var/log/ltm would match the notifications that you received.

    In the alert.conf file, I see you have configured 2 custom alerts: one for expired certs and the other for expiring certs.

    So it looks like it is working as expected.
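Added example, not part of any post in this thread: one way to do the comparison the reply above asks for, checking which certificates reported by check-cert have a log line that matches either alert pattern from the posted user_alert.conf. The log lines, their prefix, the hostname, `example_expiring.crt` and the "will expire on" wording are constructed assumptions; on a real box the input would be the check-cert output and /var/log/ltm.

```python
import re

# Match patterns copied from the two alert entries in the posted user_alert.conf.
ALERT_PATTERNS = {
    "CERTIFICATE_EXPIRED": re.compile(r"Certificate (.*) expired"),
    "CERTIFICATE_WILL_EXPIRE": re.compile(r"Certificate (.*) will expire"),
}
# Subjects contain commas ("O=Direct Energy, LP"), so key on " in file <path>".
# The "will expire on" wording is an assumption; the thread only shows "expired on".
CERT_FILE = re.compile(r" in file (\S+) (?:expired|will expire) on ")

def cert_file(line):
    """Return the certificate file path named in a line, or None."""
    m = CERT_FILE.search(line)
    return m.group(1) if m else None

def alerted_files(log_lines):
    """Map each alert name to the cert files whose log line matches its pattern."""
    hits = {name: set() for name in ALERT_PATTERNS}
    for line in log_lines:
        path = cert_file(line)
        for name, pattern in ALERT_PATTERNS.items():
            if path and pattern.search(line):
                hits[name].add(path)
    return hits

def missing_alerts(check_cert_lines, log_lines):
    """Cert files that check-cert reports but no alert pattern matched in the log."""
    reported = {p for p in map(cert_file, check_cert_lines) if p}
    matched = set().union(*alerted_files(log_lines).values())
    return sorted(reported - matched)

# Three lines taken from the check-cert output in the first post.
CHECK_CERT_OUTPUT = [
    "CN=.customertrades.com,OU=ERCOT Trading,O=Direct Energy LP,L=Houston,ST=Texas,C=US in file /Common/Marketpro.crt expired on May 7 23:59:59 2017 GMT",
    "CN=corporateappservices.directenergy.com,OU=Digital IS,O=Direct Energy Marketing Limited,L=Toronto,ST=Ontario,C=CA in file /Common/corporateapp.crt expired on Jul 26 23:59:59 2017 GMT",
    "CN=pp.firstchoicepower.com,O=Direct Energy, LP,L=Houston,ST=Texas,C=US in file /Common/pp.firstchoicepower.com.crt expired on Aug 21 23:59:59 2017 GMT",
]
# Constructed log lines: prefix, hostname and example_expiring.crt are made up.
SAMPLE_LTM_LOG = [
    "Aug 22 04:02:01 host1 warning: Certificate 'CN=.customertrades.com' in file /Common/Marketpro.crt expired on May 7 23:59:59 2017 GMT",
    "Aug 22 04:02:01 host1 warning: Certificate 'CN=corporateappservices.directenergy.com' in file /Common/corporateapp.crt expired on Jul 26 23:59:59 2017 GMT",
    "Aug 22 04:02:01 host1 warning: Certificate 'CN=example.test' in file /Common/example_expiring.crt will expire on Sep 1 23:59:59 2017 GMT",
    "Aug 22 04:02:05 host1 notice: unrelated constructed entry",
]

if __name__ == "__main__":
    print("no matching log entry:", missing_alerts(CHECK_CERT_OUTPUT, SAMPLE_LTM_LOG))
```

A certificate listed by `missing_alerts` never produced a log line that either pattern matches, so no alert could fire for it, whatever the mail setup.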

     

  • P_K

    When you run

    /etc/cron.weekly/5checkcert
    from the CLI, how many emails are you seeing?