Manual Chapter: Managing Device Certificates

When you use BIG-IP® Local Traffic Manager to manage your SSL traffic, you can have a large number of SSL and web certificates on many different devices in your network. Traffic certificates are server certificates that a managed device uses in its traffic management tasks. System certificates are the web certificates that allow client systems to log into the BIG-IP system Configuration utility.
To assist you in managing these certificates, Enterprise Manager provides you with a summary of vital certificate information for each managed device in your network that has certificate monitoring enabled.
When you monitor a device group, you automatically monitor all of the certificates on all of the devices that are members of that device group.
Certificate monitoring is enabled by default for all managed devices. If you no longer want to monitor certain certificates, you can disable certificate monitoring for a device or device group. When you disable certificate monitoring for a device, its certificates no longer display on the certificate list, and certificate expiration alerts are cancelled.
To disable certificate monitoring for a device or device group

1. On the Main tab, expand Enterprise Management, and click Certificates.
   The Traffic Certificates list screen opens.
2. On the menu bar, click Options.
   The Certificate Options screen opens.
3. For the Devices or Device Groups setting, in the Enabled list, click the name of a device or device group.
4. Click the Move (>>) button.
   The selected device or device group moves to the Disabled list.
5. Click Save Changes.
   Enterprise Manager no longer monitors certificates defined on the devices and device groups that you moved to the Disabled list.
To enable certificate monitoring for a device or device group

1. On the Main tab, expand Enterprise Management, and click Certificates.
   The Traffic Certificates list screen opens.
2. On the menu bar, click Options.
   The Certificate Options screen opens.
3. For the Devices or Device Groups setting, in the Disabled list, click the name of a device or device group.
4. Click the Move (<<) button.
   The selected device or device group moves to the Enabled list.
5. Click Save Changes.
   Enterprise Manager now monitors certificates defined on the devices and device groups that you moved to the Enabled list.
Using this overview can save you time over monitoring certificate expiration dates on individual Local Traffic Manager devices.
Tip: If you require additional notification for expired or expiring certificates, you can create a certificate expiration alert. For detailed instructions, see To create a certificate expiration alert.
1. On the Main tab, expand Enterprise Management, and click Certificates.
   The Traffic Certificates list screen opens (default).
2. On the menu bar, click System Certificates to view the system certificate list.
In addition to the general certificate information, the certificate list screen also displays a status flag for each certificate. This provides you with a quick visual of the status for your certificates. Table 12.1, following, defines the status flags provided on the certificates page.
This certificate has expired. When client systems require this certificate for authentication, the client receives an expired certificate warning.
This certificate will expire in 30 days or less. The certificate is still valid, but you should take action to prevent certificate expiration.
You can sort the certificate list by clicking the respective column headings, or you can filter the list to display only certificates with a particular status flag.
1. In the Status column, click the down arrow.
   A popup menu opens, indicating the status flags.
2. From the menu, choose a status flag.
   The table changes to display only certificates that match the status flag you selected.
To view additional details about a particular certificate, click the name of a certificate to open the Certificate Properties screen.
In addition to monitoring certificate status from the certificate screens, you can also create an alert to log or send an email notification of an upcoming certificate expiration. You create a certificate expiration alert from the New Alert screen, where you can specify the devices or device groups, the notification method, and how many days before the certificate expires you want to be notified.
Important: All devices display as available from the New Alert screen, even if certificate monitoring has not been enabled for the device. If you assign an alert to a device for which certificate monitoring is not enabled, the alert will fail. Before you create a device certificate alert, F5 recommends that you first verify that certificate monitoring is enabled for the device.
To create a certificate expiration alert

1. On the Main tab, expand Enterprise Management, click Alerts, and select Device Alerts.
   The Device Alerts list screen opens.
2. Above the alert list, click Create.
   The New Alert screen opens.
3. In the General Properties area, in the Name box, type a name for the alert, as you want it to appear in the Device Alerts screen.
   Note: Once you create the alert, you cannot change the name.
4. From the Alert Type list, select Certificate Expiration.
5. For the Condition option, check the box next to the number of days, before the certificate expires, that you want to be notified. You can also enter a customized number of days.
6. In the Action section, check the box next to the type of notification you want to receive.
7. If you selected the option to send an email, then for Email Recipient, you can choose to use the default email recipient, or type the email address of a specific user:
8. If you selected the option to log a remote syslog event, then for Syslog Server Address, you can choose to use the default syslog server address, or type the server address of a different remote server:
a) For either the Devices or Device Groups setting, click a device or device group in the Available box to select it.
b) Click the Move button (<<) to move the selected devices or device groups to the Assigned box.
   The alert now applies to devices and device groups listed in the Assigned box.
10. Click Finished.
    The Device Alerts screen opens, and the new alert appears in the list.
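
The status flags in Table 12.1 and the days-before condition of a certificate expiration alert can be cross-checked outside the console against expiry dates read from the certificates themselves. The following is an added example, not F5 code; the pipe-separated inventory format, the device and certificate names, and the function names are assumptions.

```python
import ssl
from datetime import datetime, timedelta, timezone

# Constructed sample: "device|certificate|notAfter"; notAfter is the date string
# printed by `openssl x509 -noout -enddate` (assumed export format, not F5's).
SAMPLE = """\
bigip-a.example.net|www.example.net.crt|Jan  5 09:34:43 2018 GMT
bigip-a.example.net|api.example.net.crt|Mar 20 00:00:00 2024 GMT
bigip-b.example.net|server.crt|Dec 31 23:59:59 2030 GMT
"""
WARN_DAYS = 30  # the "30 days or less" status flag


def parse_inventory(text):
    """Yield (device, cert, not_after) with not_after as an aware UTC datetime."""
    for line in text.splitlines():
        if not line.strip():
            continue
        device, cert, not_after = (f.strip() for f in line.split("|"))
        seconds = ssl.cert_time_to_seconds(not_after)  # ValueError if malformed
        yield device, cert, datetime.fromtimestamp(seconds, tz=timezone.utc)


def status(not_after, now):
    """Mirror the two status flags described above; anything else is 'valid'."""
    if not_after <= now:
        return "expired"
    if not_after - now <= timedelta(days=WARN_DAYS):
        return "expiring"
    return "valid"


def alerts_due(text, now, days_before):
    """Unexpired certificates inside any of the days-before conditions."""
    due = []
    for device, cert, not_after in parse_inventory(text):
        remaining = not_after - now
        hit = [d for d in sorted(days_before) if remaining <= timedelta(days=d)]
        if remaining > timedelta(0) and hit:
            # hit[0] is the tightest condition already crossed
            due.append((device, cert, hit[0], remaining.days))
    return due


if __name__ == "__main__":
    now = datetime(2024, 3, 1, tzinfo=timezone.utc)  # fixed clock for the sample
    for device, cert, not_after in parse_inventory(SAMPLE):
        print(f"{status(not_after, now):9} {device} {cert} {not_after:%Y-%m-%d}")
    print(alerts_due(SAMPLE, now, days_before=[7, 14, 30]))
```

A certificate that this check reports as expired or expiring but that is absent from the Enterprise Manager certificate list points to a device or device group sitting in the Disabled list.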