Forum Discussion

gdoyle

Cirrostratus

Apr 30, 2018

Health Monitor for an expired SSL Certificate?

Is it possible to monitor pool members (or, I suppose, a VIP) for an expired SSL Certificate? Thanks.

LTM

security

wsanders_233261

Nimbostratus

Apr 30, 2018

I find the Nagios check_http plugin to be the easiest and most reliable way of doing it. You can grovel through the output of openssl s_client also but the output from each cert and each version of openssl may be just a little bit different. You also get advance notice of certificate expiration; presumably you might find it helpful in advance so you can renew before it expires.

Like jaikumar said the F5 http monitor can't do this by itself. You could fashion a test cgi page in your http server to return an HTTP status based on the certificate validity but that's overthinking it, but that would be too much work for me. AFAIK the F5 ignores the validity of the SSL cert on the inside, as long as it exists.

Forum Discussion

Health Monitor for an expired SSL Certificate?

Recent Discussions

Open Redirection Mitigation

Azure DP-100 Exam Questions

GTM Packet Capture command

Wildcard SSL Certificate Deployment on F5 LTM

Migration from i series 10200 with 1 child VCMP to r series 10900 series

Related Content

LTM Certificate expire

CheckMk F5 Certificate Expiration using SNMP

Re: Management Certificate

Expired ssl warning

Certificate Expiry Email alert configuration