Forum Discussion
1 Reply
Sort By
- hooleylistCirrostratusAre you wanting to send an alert when a client cert is about to expire or when a VIP's cert is about to expire?
George
If it's a server cert, that should be logged to /var/log/ltm as of 9.1.2, per CR59595:
https://tech.f5.com/home/bigip-next/releasenotes/relnotes9_1_2.htmlenhancement
Certificate monitoring for expired or soon-to-be-expired certificates (CR59595)
The system now includes certificate monitoring to detect expired or soon-to-be expired certificates. Certificate status is now logged in /var/log/ltm, using the following format:
Certificate X in file Y expired on DATE
Certificate X in file Y will expire on DATE
This feature provides compatibility with BIG-IP 4.6 in this regard.
If you want to send an alert for a client cert, you'd need to extract the expiry date and client's email from the SSL info and then log an entry to /var/log/ltm.
You could then set up syslog-ng to send an email when such a log event occurs.
I'm not sure sending an email would be possible in 4.x, but you might try posting in the 4.x iRule forum to get more info.
Aaron