Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
svori
Contributor
Contributor
Jump to solution

Notification of expiring VPN certificate

Hi,

Just recently the expiration of VPN certificates was changed from 5-6 years down to 1 year to comply with a RFC.

This is good but can be a bit tricky since also Identity Awareness use this certificate, possibly also more services.

So for example if you use Identity Awareness but not VPN blade then you must temporarily enable VPN blade, check and/or renew certificate so it is valid for another year.

Is it possible to get an notification if before the certificate expires ?

I saw a previous discussion here on Check Mates, but that was when VPN blade is enabled.

Would be very useful if for example the cluster object got a warning sign a week or two before it happens.

 

 

0 Kudos
1 Solution

Accepted Solutions
matangi
Employee
Employee

Hi @svori 

In R81.20, New alert was added for that matter.

The Management Server begins to show 'warning' status starting 60 days before the certificate expiration date.

For more details, see sk178304 - SmartConsole shows a warning or error icon near the Security Gateway / Cluster object abo....

Thanks,
Matan

View solution in original post

5 Replies
the_rock
Legend
Legend

As far as I know, you would get warning when pushing the policy about it 1 month before cert is to expire.

0 Kudos
Danny
Champion Champion
Champion

That's perfectly possible. Just script a scheduled event on your SMS that checks the postgres monitoring database and generates an email alert whenever a warning is detected.

Example for R81.20: psql_client monitoring postgres -c "select * from statuses_view"

0 Kudos
matangi
Employee
Employee

Hi @svori 

In R81.20, New alert was added for that matter.

The Management Server begins to show 'warning' status starting 60 days before the certificate expiration date.

For more details, see sk178304 - SmartConsole shows a warning or error icon near the Security Gateway / Cluster object abo....

Thanks,
Matan

the_rock
Legend
Legend

Thats EXCELLENT change @matangi 

Andy

0 Kudos
the_rock
Legend
Legend

Also, wanted to say, its GREAT to see now in web UI when you try download jumbo hotfix, if cpuse agent is not the latest version, pop-up window comes up asking to upgrade it.

AWESOME 👍👍👌👌

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events