
Certificate Expiry Email alert configuration

Viv_Richards
Cirrostratus

Here are the steps to receive certificate expiry email alerts.

Step 1:

Update /config/user_alert.conf directory with

alert CERTIFICATE_EXPIRED "Certificate (.*) expired" {
snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.300";
email toaddress="xyz@domain.com"
fromaddress="Certificate_Expiry_Alert"
body="Certificate Expired on BigIP"
}

alert CERTIFICATE_WILL_EXPIRE "Certificate (.*) will expire" {
snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.301";
email toaddress="xyz@domain.com"
fromaddress="Certificate_Expiry_Alert"
body="Certificate will Expire on BigIP"
}

Step 2:

Update /etc/ssmtp/ssmtp.conf with below details
mailhub=mail.domain.com

To update above email kindly execute below command
tmsh modify sys outbound-smtp mailhub mail.domain.com

Verify whether it is updated correctly or not with below command

cat /etc/ssmtp/ssmtp.conf

Step 3:

Test email delivery with below command
echo "Subject: Smtp test mail" | sendmail -vs xyz@domain.com

Kindly make sure you are able to telnet to mail.domain.com on port 25 from BigIP/F5

Step 4:

Create file with below command
vi Cert_Expiry_Alert.sh
Update Cert_Expiry_Alert file with below command
tmsh run sys crypto check-cert

Step 5:

Provide required permission to script with below command
chmod +x Cert_Expiry_Alert.sh

Step 6:

Update crontab with below command
crontab -e
30 13 * * * /usr/bin/bash /var/tmp/Cert_Expiry_Alert.sh

Here 30 implies minutes & 13 implies hours

This cron will be executed daily at 13:30 

# Example of job definition:
# .---------------- minute (0 - 59)
# | .------------- hour (0 - 23)
# | | .---------- day of month (1 - 31)
# | | | .------- month (1 - 12) OR jan,feb,mar,apr ...
# | | | | .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat
# | | | | |
# * * * * * user-name command to be executed

More details about cron are available at K33730915

This solution has been tested on version 16
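
The alerts in Step 1 only fire when their patterns match the lines that check-cert logs, so it helps to test the patterns before relying on the cron job. The script below is an added example, not part of the original post: it parses the alert stanzas and reports which alert each log line would trigger. The log lines are constructed, awk's extended regex matching is assumed as a stand-in for alertd's matcher, and `match_alerts` and `demo` are hypothetical names.

```bash
#!/bin/bash
# Added example: report which alert stanza would match each log line.
# Assumption: awk's extended regex matching stands in for alertd's matcher.

match_alerts() {    # usage: match_alerts <alert-conf> <log-file>
    awk '
        NR == FNR {                     # first file: collect alert names and patterns
            if ($1 == "alert" && $NF == "{") {
                s = substr($0, index($0, "\"") + 1)     # text after the first quote
                e = length(s)                           # scan back to the last quote
                while (e > 0 && substr(s, e, 1) != "\"") e--
                if (e > 0) { n++; name[n] = $2; pat[n] = substr(s, 1, e - 1) }
            }
            next
        }
        {                               # second file: test every log line
            hit = 0
            for (i = 1; i <= n; i++)
                if ($0 ~ pat[i]) { print name[i] "\t" $0; hit = 1 }
            if (!hit) print "NO_ALERT\t" $0
        }
    ' "$1" "$2"
}

demo() {    # hypothetical helper: runs the check on constructed sample data
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/user_alert.conf" <<'EOF'
alert CERTIFICATE_EXPIRED "Certificate (.*) expired" {
email toaddress="xyz@domain.com"
}
alert CERTIFICATE_WILL_EXPIRE "Certificate (.*) will expire" {
email toaddress="xyz@domain.com"
}
EOF
    # Constructed log lines; compare the wording with what check-cert logs on your device.
    cat > "$tmp/sample.log" <<'EOF'
Certificate 'web.example.com' in file /Common/web.example.com.crt will expire on Oct 20 12:00:00 2030 GMT
Certificate 'old.example.com' in file /Common/old.example.com.crt expired on Sep  1 12:00:00 2020 GMT
Pool /Common/web_pool member /Common/10.0.0.5:443 monitor status down
EOF
    match_alerts "$tmp/user_alert.conf" "$tmp/sample.log"
    rm -rf "$tmp"
}

demo
```

To check a live setup, pass /config/user_alert.conf and a file holding the lines logged by `tmsh run sys crypto check-cert`.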

 

 

1 REPLY

LiefZimmerman
Community Manager

@Viv_Richards - thank you for sharing this post. I see that you also created a post in our CrowdSRC section - currently that content is reviewed by our Content Manager prior to publishing, so it takes a few days sometimes. https://community.f5.com/t5/crowdsrc/certificate-expiry-email-alert-configuration/ta-p/300349

 

I'll lock this record and request that any continuing conversation happen on the CrowdSRC record.

Thanks again for this excellent submission.

Lief

------
Lief Zimmerman | @LiefZF5 | DevCentral Community Manager