Certificate Expiry

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Certificate Expiry

L4 Transporter

Hi Team,

May i know how to set the certificate expiry alerts to emails or any other option to get alerts on certificate expiry?

Forward trust certificate used for SSL Decryption i need to get alerts for, so please suggest.

Regards,

Sanjay S 

2 REPLIES 2

L4 Transporter

Any suggestions on this please?

Cyber Elite
Cyber Elite

@Sanjay_Ramaiah,

The firewall itself doesn't have the ability to alert you to certificates that are about to expire. It's a relatively easy thing to script using the API to check all certificates on the firewall and pull the expiry-epoch to get the certificate expiration and trigger alerts for any expiring at a specified interval from the current date.

 

api/?type=config&action=get&xpath=/config/shared/certificate

The above is an example of getting the shared certificates present on a firewall. If you create a dictionary of the result you can focus the individual certificates and read the results and analyze them fairly simply.

## Collects the shared certificate list from the firewall ##
Cert_List = requests.get('https://<firewall>/api/?type=config&action=get&xpath=/config/shared/certificate',headers=headers)

## Make a dictionary from the result ##
Certificate_Dict = xmltodict.parse(Cert_List.content)

## Analyze the Certificates ##
Certificates = Certificate_Dict['response']['result']['certificate']['entry']
    for Certificate in Certificates:
        Certificate_Name = Certificate['@name']
        Certificate_Expiration = Certificate['not-valid-after']
        Certificate_ExpiryEpoch = Certificate['expiry-epoch']
        Expiration_Date = datetime.datetime.fromtimestamp(int(Certificate_ExpiryEpoch))
        Current_Date = datetime.datetime.now()
        Date_Delta = Expiration_Date - Current_Date
        Day_Count = Date_Delta.days
        if Day_Count <=30:
            Alert_Certificate_Expiration(Certificate_Name=str(Certificate_Name),Certificate_Expiration=str(Certificate_Expiration),Date_Delta=str(Day_Count),NoAlert=NoAlert)
        else:
            log_collector.debug(Certificate_Name + " : Certificate is valid until " + str(Certificate_Expiration))

Obviously this is a snip of a much larger script that contains components that won't allow this to just be copied and pasted and ran successfully, but the base of what you're trying to do is all present.

  • 1534 Views
  • 2 replies
  • 1 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!