Can we get a certificate expiry date mail alert? Which table contains the complete details of certificates, including the expiry date?
Hello SoniaMehta,
The KB article provides an example for your requirement,
I added global variables as mentioned below, but I am still unable to see any audits logged for it, though the expiry of the certificates is within the next 30 days.
The default of the audits for admin tasks is INFO so unless you change the cluster wide property (CWP) "audit.adminThreshold" to FINE you will not see the 30 day warnings. I would recommend that you change the CWP "trustedCert.expiryInfoAge" to 30 days if not higher.
Director, CA Support
Will the trusted cert audit details be captured for all installed certificates in Policy Manager?
I added "trustedCert.expiryInfoAge" set to 30d, but I am still unable to see any expiry message in the audit info details.
I've just tested this in version 9.1 with a certificate in the Manage Certificate section which will expire in 20 days, using the settings outlined in the above posts. This will not track Private Keys, only certificates in the Manage Certificate section.
Thank you Stephen.
This is working, but only if the audit level is info, fine or warning. What if the audit level maintained is Severe?
How can we then configure the global variable so as to get alerts of certificate expiry?
I use a cron job on the primary database node to call a shell script that looks up both client certificates and trusted certificates, then forwards the output to a service in the gateway which sends emails accordingly.
Thanks for your reply. We already configured this using a cron job on the ssg log.
But I would like to know the table name for certificate expiry, as we are unable to fetch the Expiry date column from our database.
The expiration date is not in the database tables; however, the certificate 64-bit encoded PEM is, which by looping through a service we can cast into a certificate x509 object, allowing us to extract the expiration date (as you can see in the policy logic in the git repository referenced in the post linked to above).
I used the Extract Attributes from Certificate assertion, but I am still not able to see a value that extracts the date.
Below is the list of available options. Can you please guide me?
notAfter is the expiration and notBefore is the validity start datetime.
(If you look at the policy I have in github referenced in my blog you would also see that is what is being validated against to determine whether or not to send an email to the address specified in the FIP user properties.)
Thank you for your reply.
In my policy I have used Lookup certificate by name. What if I want to know the details of all the certificates which are going to expire? Is there any way I can list them out?
2. Using notAfter I am getting the datetime of expiry of the certificate, but is there any way to calculate the difference between two dates so as to make an email alert using policy 15 days before expiry?
This link has everything you are asking for.
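
As an added example (not part of the thread, and not the poster's script or gateway policy): a shell function in the spirit of the cron approach described above, which decodes stored base64 certificate bodies into X.509 and lists those whose notAfter falls within 15 days. The `name<TAB>base64` input format and the function names are assumptions; how the rows are exported from the gateway database is not shown on this page.

```shell
# Added example. Input format is an assumption:
# one "name<TAB>base64-DER-certificate" line per certificate on stdin.

# expiring_certs DAYS: print "name<TAB>notAfter" for each certificate whose
# notAfter falls within DAYS days (already-expired ones included), and
# "name<TAB>UNPARSEABLE" for rows that do not decode to an X.509 certificate.
expiring_certs() {
    window=$(( $1 * 86400 ))
    tab=$(printf '\t')
    while IFS="$tab" read -r name b64; do
        [ -n "$name" ] || continue
        der=$(mktemp) || return 1
        # Strip whitespace in case the stored value is line-wrapped.
        printf '%s' "$b64" | tr -d ' \r\n' | openssl base64 -d -A > "$der" 2>/dev/null || true
        if end=$(openssl x509 -inform DER -in "$der" -noout -enddate 2>/dev/null); then
            # -checkend exits non-zero when the cert expires within the window.
            if ! openssl x509 -inform DER -in "$der" -noout -checkend "$window" >/dev/null 2>&1; then
                printf '%s\t%s\n' "$name" "${end#notAfter=}"
            fi
        else
            printf '%s\tUNPARSEABLE\n' "$name"
        fi
        rm -f "$der"
    done
}

# Constructed sample data: a throwaway self-signed certificate valid for
# $1 days, printed as its base64 body without the PEM header/footer lines.
make_sample_b64() {
    openssl req -x509 -newkey rsa:2048 -nodes -keyout /dev/null \
        -days "$1" -subj "/CN=sample-$1" 2>/dev/null | grep -v '^-----' | tr -d '\n'
}

demo() {
    {
        printf 'short-lived\t%s\n' "$(make_sample_b64 10)"
        printf 'long-lived\t%s\n' "$(make_sample_b64 400)"
        printf 'corrupt\t%s\n' "bm90IGEgY2VydA=="
    } | expiring_certs 15
}

demo
```

Reporting unparseable rows separately matters for alerting: a certificate that cannot be decoded would otherwise drop out of the expiry report silently.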