Manual Chapter : SSL Certificate Monitoring

Applies To:

BIG-IQ Centralized Management

  • 5.0.0

How do I monitor SSL certificate expiration dates for my managed devices?

When you manage BIG-IP® devices that load balance SSL traffic, you must monitor both their SSL traffic certificates and their SSL system certificates. Traffic certificates are server certificates that a device uses for traffic management tasks. System certificates are the web certificates that allow client systems to log in to the BIG-IP Configuration utility.

BIG-IQ® imports the certificates for every managed BIG-IP device you discover. This makes it easy to monitor the expiration dates of all of your devices' SSL certificates from one location.

You can also:

  • Set up alerts to let you know when a certificate is going to expire within a specified number of days.
  • Download the data to a CSV file for reporting purposes.

Configuring SMTP for sending alerts

You must configure a DNS server before you can specify an SMTP server.

You set up an SMTP server to send email to alert certain people when a specific condition happens, such as when an SSL certificate is about to expire.
  1. Log in to the BIG-IQ® system with your user name and password.
  2. At the top left of the screen, select System Management from the BIG-IQ menu.
  3. At the top of the screen, click Inventory.
  4. On the left, click LOCAL HOST SETTINGS > SMTP Configuration.
  5. Click the Add button at the upper right of the screen.
  6. In the Name field, type a name for this SMTP configuration.
  7. In the SMTP Server Host and SMTP Server Port fields, type the SMTP server and TCP port.
    By default, SMTP uses TCP 25.
  8. In the From Email Address field, type the email address from which to send the alert email.
  9. From the Encryption list, select the type of encryption to use for the email.
  10. To require a user name and password, from the Use Auth list, select Yes, and type the required user name and password.
  11. Click the Save button at the bottom of the screen.
  12. For the SMTP Email Recipients setting, click the Add button.
  13. In the Name and Email Address fields, type the name and the email address for the person you want to receive an email when a specified alert condition is met.
  14. To add more recipients, click +.
  15. When you're done adding email recipients for alerts, click the Save button at the bottom of the screen.
  16. To verify that you can reach the server you configured, click the Edit button at the upper right of the screen, and click the Test Connection button.
    You must specify at least one email recipient to test the connection.
You can now set up the alert conditions that prompt the BIG-IQ® system to send an email when a certain event happens on a managed device.

Monitoring SSL certificate expiration dates

You must have discovered at least one device before any certificates display in the Certificate Management inventory.

You must also set up SMTP to receive notifications for alerts.

SSL certificates have a set expiration date and do not renew automatically, so it is important to monitor the SSL certificate expiration dates for your managed devices.
  1. Log in to the BIG-IQ® system with your user name and password.
  2. At the top left of the screen, select Device Management from the BIG-IQ menu.
  3. At the top of the screen, click Operations.
  4. On the left, click CERTIFICATE MANAGEMENT.
  5. Click the Alert Settings button.
  6. For the Device Certificate Expiration condition, select the Enabled check box, and in the Threshold field, type the number of days' notice you want before the certificate expires.
  7. To receive an alert when a certificate has expired, for the Device Certificate Expired setting, select the Enabled check box.
  8. Click the Save button at the bottom of the screen.
If an SSL certificate is about to expire, or has expired, immediately contact the owner of the device.
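
The two alert conditions above (expiring within a threshold, and already expired) can also be checked offline against exported certificate data. The following is an added example, not F5 code; the CSV column names, device names, and dates are constructed assumptions and do not reflect the actual BIG-IQ export layout.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample. The column names are assumptions made for this example,
# not the layout of the CSV file that BIG-IQ produces.
SAMPLE_CSV = """device,certificate,kind,not_after
bigip-a.example.net,default.crt,traffic,2031-01-15T00:00:00Z
bigip-a.example.net,server.crt,system,2030-06-20T12:00:00Z
bigip-b.example.net,app1.crt,traffic,2030-05-30T23:59:59Z
bigip-b.example.net,broken.crt,traffic,not-a-date
"""

def classify(not_after, now, threshold_days):
    """Return 'expired', 'expiring' or 'ok' for one expiration date."""
    if not_after <= now:
        return "expired"
    if not_after - now <= timedelta(days=threshold_days):
        return "expiring"
    return "ok"

def review(csv_text, now, threshold_days):
    """Group (device, certificate) pairs by status.

    Rows whose date cannot be parsed are reported under 'unparseable'
    so that a bad record is never silently treated as healthy.
    """
    report = {"expired": [], "expiring": [], "ok": [], "unparseable": []}
    for row in csv.DictReader(io.StringIO(csv_text)):
        name = (row.get("device"), row.get("certificate"))
        try:
            not_after = datetime.strptime(
                row.get("not_after"), "%Y-%m-%dT%H:%M:%SZ"
            ).replace(tzinfo=timezone.utc)
        except (TypeError, ValueError):
            report["unparseable"].append(name)
            continue
        report[classify(not_after, now, threshold_days)].append(name)
    return report

if __name__ == "__main__":
    # Fixed "now" so the constructed sample gives the same result on every run.
    now = datetime(2030, 6, 1, tzinfo=timezone.utc)
    for status, certs in review(SAMPLE_CSV, now, threshold_days=30).items():
        for device, cert in certs:
            print(f"{status:12} {device} {cert}")
```

Both traffic and system certificates go through the same check, matching the requirement to monitor both kinds.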