Block Web Application when SSL cert expires

Question

Hello,&nbsp;
&nbsp;Is there a way to check the expiry date for the SSL certificate installed on the F5 LTM?  Can F5 stop forwarding to the pool members if the cert is expired?&nbsp;
&nbsp;Please advice.&nbsp;
&nbsp;Thanks.&nbsp;

hooleylist · Answer

In more recent LTM versions, a message is logged and an SNMP trap/email can be generated when a cert is going to expire within 30 days or has already expired.  This is described in SOL7574
&nbsp;(Click here).&nbsp;
&nbsp;I'm not sure there is a way to get details on the cert the LTM is presenting to clients in an iRule.  If there isn't, you might be able to write an iControl program which checks the the validity of each virtual server's SSL certificate and disables the VIP if it is expired.&nbsp;
&nbsp;But I would think/hope getting a 30 day notice the cert is about to expire would allow you to avoid the failure altogether.&nbsp;
&nbsp;Aaron

Forum Discussion

Block Web Application when SSL cert expires

1 Reply

Recent Discussions

Error while running ansible

ASM instance creation

[ASM] - what is "Browser Challange file" ?

[ASM] - HTML5 Cross-Domain Request Enforcement - CLI command

Reverse Proxy Not Behaving

Related Content

Server cert expired

question of limitation and expiration for rest api token

Block admin URLs for internet users only

Blocking domains

Application tunnel Failed to download configuration