Configure Certificate Expiry Alert

About this task

Certificate expiry alerts can be configured for four (4) different alert levels. These alert levels can be configured independent of each other.

Procedure

  1. Enter the configure terminal mode.
    SLX # configure terminal 
                        
  2. Configure the Info certificate expiry alert level. Here the Info level is configured and set to sixty (60) days.
    SLX (config)# crypto cert expiry-level info period 60
    SLX (config)#
                        
  3. Configure the Critical certificate expiry alert level. Here the level is configured to seven (7) days.
    SLX (config)# crypto cert expiry-level critical period 7
    SLX (config)#
                        

Results

The certificate expiry alert level is configured for the Info and Critical levels only. The other levels are not configured. In this scenario, the following RASLOG entries are generated.

From sixtieth (60) day, till the eighth (8) day you will get RASLOG with the level info once, and from the seventh (7) day you will again recieve RASLOG with the critical level info only once.

A RASLOG with the level ERROR is generated from the day the certificate expires till the day the certificate is renewed.

Note

Note

  1. This configuration is subjected to the Year 2038 Problem. On or after the 19th of January 2038 (2038-01-19), the system's internal date resets to the year 1901 and all configured cron jobs do not get started. The certificate expiry alert feature depends on the execution of a cron job, which will not work post 2038 due to the above date reset.
  2. When the system's clock is reset within the last 24 hours to the previous day, configured cron jobs will not start and therefore, certificate expiry alert will not be generated.