Layer7 API Management

  • Private Community

  • 1.  Monitor Certificate Expiration

    Posted Nov 03, 2015 03:27 PM

    Hi,

     

    I see there are couple of certificated going to expire sometime this month in our gateway.

     

    How do we proactively report certificate expiration automatically instead of reactive or checking manually?



  • 2.  Re: Monitor Certificate Expiration

    Posted Nov 03, 2015 04:28 PM

    A number of audits events are logged by the Gateway warning of impending certificate expiry.  Check out the Certificate Expiration Notification section of this page: Manage Certificates - CA API Gateway - 8.4 - CA Technologies Documentation .  If you want to send an alert (SNMP Trap, Email Alert to an administrator) you can write an Audit Sink Policy that checks for the audit codes (Audit Message Codes - CA API Gateway - 8.4 - CA Technologies Documentation) associated with these events and then sends an email for example.



  • 3.  Re: Monitor Certificate Expiration

    Broadcom Employee
    Posted Nov 04, 2015 08:15 AM

    Hi Like Julian is saying this is rather straight forward using and Audit Sink Policy. Se example attached.

        <wsp:Policy xmlns:L7p="http://www.layer7tech.com/ws/policy" xmlns:wsp="http://schemas.xmlsoap.org/ws/2002/12/policy">

            <wsp:All wsp:Usage="Required">

                <L7p:AuditRecordToXml/>

                <L7p:ComparisonAssertion>

                    <L7p:CaseSensitive booleanValue="false"/>

                    <L7p:Expression1 stringValue="${audit.component}"/>

                    <L7p:Expression2 stringValue="Trusted Certificate Store"/>

                    <L7p:Predicates predicates="included">

                        <L7p:item binary="included">

                            <L7p:CaseSensitive booleanValue="false"/>

                            <L7p:RightValue stringValue="Trusted Certificate Store"/>

                        </L7p:item>

                    </L7p:Predicates>

                </L7p:ComparisonAssertion>

                <L7p:EmailAlert>

                    <L7p:Base64message stringValue="Q29tcG9uZW50OiAke2F1ZGl0LmNvbXBvbmVudH0KTGV2ZWw6ICR7YXVkaXQubGV2ZWxTdHJ9Ck1lc3NhZ2U6ICR7YXVkaXQubWVzc2FnZX0KVGltZTogJHthdWRpdC5kZXRhaWxzLjAudGltZX0KCkRldGFpbHM6ICR7YXVkaXQuZGV0YWlscy4wLmZ1bGxUZXh0fQo="/>

                    <L7p:SmtpHost stringValue="10.73.76.178"/>

                    <L7p:Subject stringValue="CA API Gateway Email Alert | ${audit.message}"/>

                    <L7p:TargetEmailAddress stringValue="admin@organization.com"/>

                </L7p:EmailAlert>

                <L7p:FalseAssertion>

                    <L7p:Enabled booleanValue="false"/>

                </L7p:FalseAssertion>

            </wsp:All>

        </wsp:Policy>