Certificate Alerts

Use the information in the following tables to learn about all possible certificate alerts in detail that are raised by Fault Management.

XCO Certificate Expiry Notice

31000 XCO Certificate Expiry Notice
Description Send an alert when an XCO certificate is about to expire.
Preconditions You cannot configure the system default settings in Certificate Manager component.
  • Polling frequency for certificate expiry notice is daily.
  • Monitors the following types of XCO certificate and its value:
    • App Server Certificate (of XCO): app_server_certificate
    • Default Intermediate CA: default_intermediate_ca
    • Default Root CA: default_root_ca
    • Third-Party CA: third_party_ca
    • K3s Server Certificate: k3s_server_certificate
    • K3s CA: k3s_ca
    • JWT Certificate: jwt_certificate

The polling service sends the “CertificateExpiryNoticeAlert” notification with an expiry date.

Requirements
Alert shows the following data:
  • Certificate Type
  • Expiry Date

The following example shows an alert when an XCO certificate (for example, App Server Certificate) is about to expire:

<116>1 2003-10-11T22:14:15.003Z xco.machine.com FaultManager - -
   [meta sequenceId=”47”]  
   [origin ip=”10.20.30.40” enterpriseId=”1916” software=”XCO” swVersion=”3.4.0”]  
   [alert@1916
   resource=”/App/System/Security/Certificate?type=app_server_certificate”
   alertId=”31000”
   cause=”keyExpired”
   type=”securityServiceOrMechanismViolation” 
   severity=”warning”] 
   [alertData@1916  
   type=”app_server_certificate”  
   expiry_date=”Sep 12 10:00:45 2022 GMT”] 
   BOMThe App Server Certificate on the application will expire soon on “Sep 12 10:00:45 2022 GMT”.
Health Response Response
{
    Resource: /App/System/Security/Certificate?type=app_server_certificate
    HQI {
        Color: Yellow
        Value: 2
    }
    StatusText: The App Server Certificate on the application will expire soon on “Sep 12 10:00:45 2022 GMT”. 
}

Managed Device Certificate Expiry Notice

31001 Managed Device Certificate Expiry Notice
Description Send an alert when a certificate on the SLX device is about to expire.
Preconditions

You cannot configure the default system settings in Inventory Service.

  • Polling frequency for certificate expiry notice is daily
  • Monitors the following types of Device Certificate and its value:
    • HTTPS Server Certificate: https_server_certification
    • Syslog CA: syslog_ca
    • JWT Verifier (OAuth2): jwt_verifier

The polling service sends the “DeviceCertificateExpiryNoticeAlert” notification with an expiry date.
Requirements

Alert shows the following data:

  • Device IP
  • Certificate Type
  • Expiry Date

The following example shows an alert when a certificate (for example, HTTPS Server Certificate) is about to expire on SLX device:

<116>1 2022-10-11T22:14:15.003Z xco.machine.com FaultManager -    
   [meta sequenceId=”47”]  
   [origin ip=”10.20.30.40” enterpriseId=”1916” software=”XCO” swVersion=”3.4.0”]  
   [alert@1916  
   resource=”/App/System/Security/Certificate?device_ip=10.10.10.1&type=https_server_certification” 
   alertId=”31001”  
   cause=”keyExpired”  
   type=”securityServiceOrMechanismViolation”  
   severity=”warning”]   
   [alertData@1916  
   device_ip=”10.10.10.1”    
   type=”https_server_certification”  
   expiry_date=”Sep 12 10:00:45 2022 GMT”] 
   BOMThe HTTPS Server Certificate on device “10.10.10.1” will expire soon on “Sep 12 10:00:45 2022 GMT”.
Health Response
Response
{
    Resource:/App/System/Security/Certificate?device_ip=10.10.10.1&type=https_server_certification
    HQI {
        Color: Yellow
        Value: 2
    }
    StatusText: The HTTPS Server Certificate on device “10.10.10.1” will expire soon on “Sep 12 10:00:45 2022 GMT”.
}

XCO Certificate Expired

31002 XCO Certificate Expired
Description Send an alert when an XCO certificate has expired. You will not get this alert when the system is not functional.
Preconditions K3s must be up and running

Only supports non-k3s cert expiry.

  • Polling frequency for certificate expiry notice is daily
  • Monitors the following types of XCO Certificate and its value:
    • App Server Certificate (of XCO): app_server_certificate
    • Default Intermediate CA: default_intermediate_ca
    • Default Root CA: default_root_ca
    • Third-Party CA: third_party_ca

When the App Server Certificate expires, you cannot communicate with XCO via REST API. Therefore, you cannot query the health status.
Requirements
Alert shows the following data:
  • Certificate Type
  • Expired Date

The following example shows an alert when an XCO certificate (for example, App Server Certificate) is expired:

<113>1 2003-10-11T22:14:15.003Z xco.machine.com FaultManager - -    
   [meta sequenceId=”47”]  
   [origin ip=”10.20.30.40” enterpriseId=”1916” software=”XCO” swVersion=”3.4.0”]  
   [alert@1916  
   resource=”/App/System/Security/Certificate?type=app_server_certificate” 
   alertId=”31002”  	  
   cause=”keyExpired”  
   type=”securityServiceOrMechanismViolation”  
   severity=”critical”]   
   [alertData@1916  
   type=”app_server_certificate”  
   expire_date=”Sep 12 10:00:45 2022 GMT”] 
   BOMThe App Server Certificate on the application has expired on “Sep 12 10:00:45 2022 GMT”.
Health Response
Response
{
    Resource: /App/System/Security/Certificate?type=app_server_certificate
    HQI {
        Color: Black
        Value: 5
    }
    StatusText: The App Server Certificate on the application has expired on “Sep 12 10:00:45 2022 GMT”.
}

Managed Device Certificate Expired

31003 Managed Device Certificate Expired
Description Send an alert when an SLX certificate has expired
Preconditions To allow the RASLog service to receive events from an SLX device, ensure the device is registered and the SLX syslog server configuration points to the XCO IP. When a syslog CA certificate expires, SLX device does not send the syslog alerts to the RASLog service.
  • Polling frequency for certificate expiry notice is daily.
  • Monitors the following types of Device Certificate and its value:
    • Syslog CA: syslog_ca
    • JWT Verifier (OAuth2): jwt_verifier

The polling service sends the “DeviceCertificateExpiredNoticeAlert” notification with an expiry date.

Requirements
Alert shows the following data:
  • Device IP
  • Certificate Type
  • Expired Date

The following example shows an alert when an SLX certificate (for example, Syslog CA) is expired:

<113>1 2022-10-11T22:14:15.003Z xco.machine.com FaultManager - -    
   [meta sequenceId=”47”]  
   [origin ip=”10.20.30.40” enterpriseId=”1916” software=”XCO” swVersion=”3.4.0”]  
   [alert@1916  
   resource=”/App/System/Security/Certificate?device_ip=10.10.10.1&type=syslog_ca” 
   alertId=”31003”  
   cause=”keyExpired”  
   type=”securityServiceOrMechanismViolation”  
   severity=”critical”]   
   [alertData@1916  
   device_ip=”10.10.10.1”    
   type=”syslog_ca”  
   expiry_date=”Sep 12 10:00:45 2022 GMT”] 
  BOMThe Syslog CA on device “10.10.10.1” has expired on “Sep 12 10:00:45 2022 GMT”
Health Response

Response

{
    Resource:/App/System/Security/Certificate?device_ip=10.10.10.1&type=syslog_ca
    HQI {
        Color: Black
        Value: 5
    }
    StatusText: The Syslog CA on device “10.10.10.1” has expired on “Sep 12 10:00:45 2022 GMT.
}

XCO Certificate Upload or Renewal

31004 XCO Certificate Upload or Renewal
Description Send an alert when a certificate is renewed.
Preconditions
  • Sends an alert for renewal of the certificates managed by XCO.
  • XCO sends a renewal alerts for the following types of certificate and its value:
    • App Server Certificate (of XCO): app_server_certificate
    • Default Intermediate CA: default_intermediate_ca
    • Default Root CA: default_root_ca
    • Third-Party CA: third_party_ca
    • JWT Certificate: jwt_certificate
    • K3s Server Certificate: k3s_server_certificate
    • K3s CA Certificate: k3s_ca
Requirements
Alert shows the following data:
  • Certificate Type

The following example shows an alert when an XCO certificate is renewed:

Syslog RFC-5424 Example:
<118>1 2003-10-11T22:14:15.003Z xco.machine.com FaultManager - -  
   [meta sequenceId=”47”]
   [origin ip=”10.20.30.40” enterpriseId=”1916” software=”XCO” swVersion=”3.4.0”]
   [alert@1916
   resource=”/App/System/Security/Certificate?type=app_server_certificate”
   alertId=”31004”           
   cause=”keyGenerated”
   type=”securityServiceOrMechanismViolation”
   severity=”warning”] 
   [alertData@1916
   type=”app_server_certificate”]
  BOMThe App Server Certificate on the application has bee renewed.
Health Response
Response
{
    Resource: /App/System/Security/Certificate?type=app_server_certificate
    HQI {
        Color: Green
        Value: 0
    }
    StatusText: The App Server Certificate on the application has been renewed.
}

Managed Device Certificate Upload or Renewal

31005 Managed Device Certificate Upload or Renewal
Description Send an alert when a device certificate is renewed.
Preconditions
Sent an alert on renewal of following certificates on devices:
  • HTTPS Server Certificate: https_server_certification
  • JWT Verifier (OAuth2): jwt_verifier
Requirements
Alert shows the following data:
  • Device IP
  • Certificate Type

The following example shows an alert when a device certificate is renewed:

<118>1 2003-10-11T22:14:15.003Z xco.machine.com FaultManager - -  
   [meta sequenceId=”47”]
   [origin ip=”10.20.30.40” enterpriseId=”1916” software=”XCO” swVersion=”3.4.0”]
   [alert@1916
   resource=”/App/System/Security/Certificate?device_ip=10.10.10.1&type=https_server_certification”
   alertId=”31005”           
   cause=”keyGenerated”
   type=”securityServiceOrMechanismViolation”
   severity=”info”] 
   [alertData@1916
   device_iP=”10.10.10.1”    
   type=”https_server_certification”]
  BOMThe HTTPS Server Certificate on the device 10.10.10.1 has been renewed.
Health Response
Response
{
  Resource:/App/System/Security/Certificate?device_ip=10.10.10.1&type=https_server_certification
    HQI {
        Color: Green
        Value: 0
    }
    StatusText: The HTTPS Server Certificate on the device 10.10.10.1 has been renewed.
}

XCO Certificate Unreadable Alert

31006 XCO Certificate Unreadable Alert
Description Send an alert when XCO is unable to read the certificate.
Preconditions Certificate Manager Component (Monitor & Auth Service) has system default settings that are NOT user-configurable.
  • Polling frequency for certificate expiry notice: daily
  • Monitors the following XCO Certificate Types:
    • App Server Certificate (of XCO): app_server_certificate
    • Default Intermediate CA: default_intermediate_ca
    • Default Root CA: default_root_ca
    • Third-Party CA: third_party_ca
    • K3s Server Certificate: k3s_server_certificate
    • K3s CA: k3s_ca
    • JWT Certificate: jwt_certificate
    • GlusterFS certficate: glusterfs_certficate
    • Galera Certificate: galera_certificate

The "DeviceCertificateUnreadableAlert" event notification is sent out daily with error message when XCO is unable to read a certificate of a particular type. The fault engine will process this event.
Requirements
Alert shows the following data:
  • Certificate Type
  • Error

The following example shows an alert when XCO is unable to read a certificate:

Syslog RFC-5424 Example:
<116>1 2003-10-11T22:14:15.003Z xco.machine.com FaultManager - - 
   [meta sequenceId=”47”]   
   [origin ip=”10.20.30.40” enterpriseId=”1916” software=”XCO” swVersion=”3.5.0”]   
   [alert@1916 
   resource=”/App/System/Security/Certificate?type=app_server_certificate” 
   alertId=”31006” 
   cause=”keyExpired” 
   type=”securityServiceOrMechanismViolation”  
   severity=”warning”]  
   [alertData@1916   
   type=”app_server_certificate”   
   error=”Unable to read the expiration date of certificate”]  
   BOMUnable to read app_server_certificate on the application due to Unable to read the expiration date of certificate.
Health Response
Response
{ 
    Resource: /App/System/Security/Certificate?type=app_server_certificate
    HQI { 
        Color: Yellow 
        Value: 2 
    } 
    StatusText: Unable to read app_server_certificate on the application due to Unable to read the expiration date of certificate”.  
}

XCO Device Certificate Unreadable Alert

31007 XCO Device Certificate Unreadable Alert
Description Send an alert when XCO is unable to read the device certificate.
Preconditions Certificate Manager Component (Monitor & Auth Service) has system default settings that are NOT user-configurable.
  • Polling frequency for certificate expiry notice: daily
  • Monitors the following XCO Certificate Types:
    • HTTPS Server certificate: https_server_certficate
    • JWT Verifier: jwt_verifier
    • Syslog CA: syslog_ca

The "DeviceCertificateUnreadableAlert" event notification is sent out daily with error message when XCO is unable to read a certificate of a particular type on a particular device. The fault engine will process this event.
Requirements
Alert shows the following data:
  • Certificate Type
  • Device IP
  • Error

The following example shows an alert when when XCO is unable to read the device certificate:

Syslog RFC-5424 Example:
<116>1 2003-10-11T22:14:15.003Z xco.machine.com FaultManager - - 
   [meta sequenceId=”47”]   
   [origin ip=”10.20.30.40” enterpriseId=”1916” software=”XCO” swVersion=”3.5.0”]   
   [alert@1916 
   resource=”/App/System/Security/Certificate?type=https_server_certificate&device_ip=10.20.30.40” 
   alertId=”31007” 
   cause=”keyExpired” 
   type=”securityServiceOrMechanismViolation”  
   severity=”warning”]  
   [alertData@1916   
   type=”app_server_certificate” 
   device_ip=”10.20.30.40”  
   error=”Unable to read the certificate”]  
   BOMUnable to read https_server_certificate on the device 10.20.40.40 due to Certificate is not available.
Health Response
Response
{ 
    Resource: /App/System/Security/Certificate?type=https_server_certificate&device_ip=10.20.30.40
    HQI { 
        Color: Yellow 
        Value: 2 
    } 
    StatusText: Unable to read https_server_certificate on the device 10.20.30.40 due to Certificate is not available”.  
}

Managed Device Certificate Expiration Device Removed

31008 Managed Device Certificate Expiration Device Removed
Description Send an alert when an SLX device is removed from a managed device
Preconditions

The SLX device is registered in inventory service.

  • You can run a command for device removal from inventory service.
  • Monitors the following types of Device Certificates:
    • HTTPS Server Certificate: https_server_certification
    • Syslog CA: syslog_ca
    • JWT Verifier (OAuth2): jwt_verifier

The removed device sends three alerts to clear any unhealthy state in the health service.
Requirements
Alert shows the following data:
  • Device IP
  • Certificate Type

The following example shows an alert when an SLX device is removed:

<118>1 2022-10-11T22:14:15.003Z xco.machine.com FaultManager - -   
   [meta sequenceId=”47”]  
   [origin ip=”10.20.30.40” enterpriseId=”1916” software=”XCO” swVersion=”3.4.0”]  
   [alert@1916  
   resource=”/App/System/Security/Certificate?device_ip=10.10.10.1&type=https_server_certification” 
   alertId=”31008”  
   cause=”configRemoved”  
   type=”securityServiceOrMechanismViolation”  
   severity=”info”]   
   [alertData@1916  
   device_ip=”10.10.10.1”    
   type=”https_server_certification”] 
  BOMThe device 10.10.10.1 has been removed so cleaning up HTTPS Server Certificate
Health Response
Response
{
    Resource:/App/System/Security/Certificate?device_ip=10.10.10.1&type=https_server_certification
    HQI {
        Color: Green
        Value: 0
    }
    StatusText: The device 10.10.10.1 has been removed so cleaning up HTTPS Server Certificate.
}
9038968-00 Rev AB