Forum Discussion

Dev_56330
Aug 15, 2014
Solved

SNMP Trap for Expired Certificates

Can anyone provide an example of the user_alert.conf file displaying a trap for expired certificates on the BIG-IP? I have read the article below, though it is still not clear to me how to perform this function. Also, I have read several different methods for monitoring for expired or expiring SSL certificates, though does anyone have a preference or recommendation?

http://support.f5.com/kb/en-us/solutions/public/3000/700/sol3727.html

  • this is mine. you may have to correct the matched message in user_alert.conf.

    sol14318: Monitoring SSL certificate expiration on the BIG-IP system (11.x)

    http://support.f5.com/kb/en-us/solutions/public/14000/300/sol14318.html

    sol11127: Testing SNMP traps on the BIG-IP system (9.4.x - 11.x)

    http://support.f5.com/kb/en-us/solutions/public/11000/100/sol11127.html

    e.g.

    // config
    
    [root@ve11a:Active:In Sync] config  cat /config/user_alert.conf
    alert TEST "Certificate (.*) in file (.*) will expire on (.*)" {
       email toaddress="nitass"
       fromaddress="whatever"
       body="Help, I am going to expire."
    }
    
    // test
    
    [root@ve11a:Active:In Sync] config  logger -p local0.warn "01420007:4: Certificate CN=www.com,L=Seattle,ST=WA,C=US in file /Common/site1.crt will expire on May 27 14:56:25 2014 GMT"
    [root@ve11a:Active:In Sync] config 
    
    // email
    
    -----Original Message-----
    From: root [mailto:root@ve11a.acme.local] 
    Sent: Saturday, August 16, 2014 3:36 PM
    To: Nitass
    Subject: 01420007:4: Certificate CN=www.com,L=Seattle,ST=WA,C=US in file /Common/site1.crt will expire on May 27 14:56:25 2014 GMT
    
    Help, I am going to expire.
    

11 Replies

  • "tmsh run sys crypto check-cert verbose enabled stdout enabled" will show you the certificate states

    Example alert.conf entries:

    /* from gtmd/big3d  (CR87209) */
    alert BIGIP_GTMD_GTMD_SSL_CERT_EXPIRED {
            snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.83";
    }
    alert BIGIP_GTMD_GTMD_SSL_CERT_WILL_EXPIRE {
            snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.84";
            email toaddress="anyone@anywhere.com"
            fromaddress="root"
            body="A certificate is about to expire"
    }
    alert BIGIP_BIG3D_BIG3D_SSL_CERT_EXPIRED {
            snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.81";
    }
    alert BIGIP_BIG3D_BIG3D_SSL_CERT_WILL_EXPIRE {
            snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.82";
    }
    
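The two replies above show the two stanza shapes BIG-IP's alertd understands: a stanza with a quoted regex that is matched against the logged text, and a builtin-name stanza that carries an snmptrap OID. The following is an added example, not code from this thread, from F5 or from alertd itself: a small offline Python simulation that parses both stanza shapes from user_alert.conf text, runs constructed log lines (one mirroring the logger test above, one in the "expired on" form, one unrelated line) through the regex stanzas, and reports which actions would fire and how many days remain before the certificate expires. The stanza names, addresses and log lines are constructed for illustration, and the OID is simply the gtmd SSL_CERT_EXPIRED value quoted above; check your own /etc/alertd/alert.conf before reusing it.

```python
"""Added example: offline simulation of alertd matching user_alert.conf stanzas
against syslog text.  Not F5 code; stanza names, addresses and log lines are
constructed for illustration."""
import re
from datetime import datetime, timezone

# Constructed user_alert.conf text in the syntax the thread shows.  The OID is the
# gtmd SSL_CERT_EXPIRED value from the reply above; verify it against your unit's
# /etc/alertd/alert.conf before reusing it.
USER_ALERT_CONF = r'''
alert CERT_WILL_EXPIRE "Certificate (.*) in file (.*) will expire on (.*)" {
   email toaddress="certs@example.com"
   fromaddress="bigip@example.com"
   body="A certificate is about to expire"
}
alert CERT_EXPIRED "Certificate (.*) in file (.*) expired on (.*)" {
   snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.83";
   email toaddress="certs@example.com"
   fromaddress="bigip@example.com"
   body="A certificate has expired"
}
'''

# Constructed log lines: the first mirrors the logger(1) test in the thread, the
# second is the "expired on" form, the third is unrelated noise that must not fire.
SAMPLE_LOG_LINES = [
    "01420007:4: Certificate CN=www.com,L=Seattle,ST=WA,C=US in file /Common/site1.crt will expire on May 27 14:56:25 2014 GMT",
    "01420007:4: Certificate CN=api.example.test,O=Lab in file /Common/api.crt expired on Jan 10 09:00:00 2014 GMT",
    "01070638:5: Pool /Common/web_pool member /Common/10.0.0.5:80 monitor status up.",
]

# alert NAME ["regex"] { ... }  -- the optional quoted regex distinguishes the two shapes.
STANZA_RE = re.compile(r'alert\s+(\w+)\s*(?:"([^"]*)")?\s*\{(.*?)\}', re.S)
KV_RE = re.compile(r'(\w+)="([^"]*)"')


def parse_alerts(text):
    """Return [{name, pattern (compiled regex or None), actions: [{type, key: value, ...}]}]."""
    alerts = []
    for name, pattern, body in STANZA_RE.findall(text):
        actions = []
        for raw in body.splitlines():
            line = raw.strip().rstrip(";")
            if not line:
                continue
            head = re.match(r"(email|snmptrap)\b(.*)", line)
            if head:  # start of an action: keyword plus any key="value" pairs on the same line
                actions.append({"type": head.group(1), **dict(KV_RE.findall(head.group(2)))})
            elif actions:  # continuation line such as fromaddress="..." or body="..."
                actions[-1].update(KV_RE.findall(line))
        alerts.append({"name": name, "pattern": re.compile(pattern) if pattern else None, "actions": actions})
    return alerts


def parse_expiry(text):
    """Parse 'May 27 14:56:25 2014 GMT' (the format in the logged message) into an aware UTC datetime."""
    try:
        naive = datetime.strptime(text.strip().replace(" GMT", ""), "%b %d %H:%M:%S %Y")
    except ValueError:
        return None
    return naive.replace(tzinfo=timezone.utc)


def evaluate(line, alerts, now):
    """Return one record per regex stanza whose pattern matches the line."""
    fired = []
    for alert in alerts:
        if alert["pattern"] is None:
            continue  # builtin-name stanzas are driven by alertd's internal events, not by regex text
        m = alert["pattern"].search(line)
        if not m:
            continue
        groups = [g.strip() for g in m.groups()]
        expiry = parse_expiry(groups[-1]) if groups else None  # assumes the last group is the date
        fired.append({
            "alert": alert["name"],
            "subject": groups[0] if groups else None,
            "file": groups[1] if len(groups) > 1 else None,
            "expires": expiry,
            "days_left": (expiry - now).days if expiry else None,
            "actions": alert["actions"],
        })
    return fired


def run(lines=SAMPLE_LOG_LINES, conf=USER_ALERT_CONF, now=None):
    """Map each log line to the list of alert records it would trigger."""
    now = now or datetime.now(timezone.utc)
    alerts = parse_alerts(conf)
    return {line: evaluate(line, alerts, now) for line in lines}


if __name__ == "__main__":
    for line, hits in run().items():
        for hit in hits:
            kinds = ", ".join(a["type"] + (f' OID={a["OID"]}' if "OID" in a else "") for a in hit["actions"])
            print(f'{hit["alert"]}: {hit["file"]} expires {hit["expires"]:%Y-%m-%d} ({hit["days_left"]} days) -> {kinds}')
```

Running the block prints one line per firing stanza with the certificate file, its expiry and the actions that would be taken. Two points the simulation makes visible: a "will expire on" line and an "expired on" line never cross-match because each regex contains the other's wording only as a substring with different surrounding text, and a stanza that omits the regex (the builtin-name form) never fires on free text at all, so pairing it with a wrong builtin name silently does nothing.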
  • Dev_56330
    Thanks. I have configured the user_alert.conf file as follows and used the provided solution article to test the SNMP trap though I am still not receiving email. What SMTP configuration is used when sending email from the BIG-IP? Under system configuration > Device > SMTP I have configured my exchange server though I am not sure if this is the only configuration that needs to be made or if it is even needed. I have also validated email is flowing between my internal users so exchange is not the issue in this case. Any thoughts?

    alert Test "Certificate (.*) in file (.*) will expire on (.*)" {
       email toaddress="validemailaddress@lab.com"
       fromaddress="anything@lab.com"
       body="A certificate is about to expire"
    }
    alert Test1 "Certificate (.*) in file (.*) expired on (.*)" {
       email toaddress="validemailaddress@lab.com"
       fromaddress="anything@lab.com"
       body="A certificate has expired"
    }
  • What SMTP configuration is used when sending email from the big IP? Under system configuration > Device > SMTP I have configured my exchange server though I am not sure if this is the only configuration that needs to be made or if it is even needed.

    can you try this?

    sol13180: Configuring the BIG-IP system to deliver locally-generated email messages (11.x)

    http://support.f5.com/kb/en-us/solutions/public/13000/100/sol13180.html

    • Dev_56330
      This was indeed the last part of the configuration. My only concern with this was the fact it said "DO NOT EDIT" this file which goes against what the solution article states. None the less, I am now receiving email alerts. Thank you!
    • nitass
      based on sol13180, in 11.5.0 and later we will use tmsh command (tmsh modify sys outbound-smtp mailhub), won't we?