Forum Discussion
thagmann_128177
Nimbostratus
NimbostratusSSL Certificate Expiration
Guys,
2 Questions.
1.) What is the best way for me to monitor when my SSL Certs expire on the BIGIP? Is there an iControl Interface and/or SNMP MIB value that I could pu...
Tom,
I'm not sure about the MIB value (you'll have to dig through the MIB or contact Product Tech support to help out there). In the iControl interfaces, you can get the information in the Management::KeyCertificate interface (9.x) and the ITCMManagement::KeyCertificate interface (4.x). Here are the methods for 9.x:
enum ManagementModeType {
MANAGEMENT_MODE_DEFAULT = 0,
MANAGEMENT_MODE_WEBSERVER = 1
};
struct CertificateDetail {
Certificate cert_info;
CertificateType cert_type;
KeyType key_type;
long bit_length;
long version;
String serial_number;
String expiration_string;
String expiration_date;
X509Data subject;
X509Data issuer;
};
struct CertificateInformation {
boolean is_bundled;
string file_name;
CertificateDetails certificate;
};
CertificateInformation[]
Management::KeyCertificate::get_certificate_list(
in ManagementModeType mode
);
I didn't dig into all the structures but this should get you going. You want to look at either the expiration_string or expiration_date values to get what you want. I believe the numeric version is the number of seconds since the epoch, which you can use to seed the common time functions.
As for specific counters, we really don't have a master list aside from the Tree Navigation in the SDK. If it is not intuitive where to find things then we would like to hear about it. In the case of Certificate Management, we've included them in the Management interface.
Let us know if this helps...
-Joe
