Forum Discussion

Zuke_254875's avatar
Icon for Altostratus rankAltostratus
Feb 05, 2019

Triggering SNMP traps for SSL Certificates

I've read a few different SOL articles and posts here on DevCentral on how to generate SNMP traps locally from the F5. We use Solarwinds for SNMP alert notification (not sure if that's relevant or not)

Last week, I ran the command

tmsh run sys crypto check-cert ignore-large-cert-bundles enabled
command on a guest with one expiring certificate and that triggered an email. I have the email. It's real.

I haven't generate that trap with that identical command on the same guest, or other guests. Here is the email and the output of /config/user_alert.conf file.

[username@f5-guest:/S1-green-P:Standby:In Sync] ~   cat  /config/user_alert.conf 
alert CERTIFICATE_EXPIRED "Certificate (.*) expired" {
snmptrap OID="."

alert CERTIFICATE_WILL_EXPIRE "Certificate (.*) will expire" {
snmptrap OID="."