About this task
Certificate expiry alerts can be configured for four (4) different alert levels. These alert
levels can be configured independent of each other.
Procedure
-
Enter the configure terminal mode.
-
Configure the Info certificate expiry alert level. Here the
Info level is configured and set to sixty (60) days.
SLX (config)# crypto cert expiry-level info period 60
SLX (config)#
-
Configure the Critical certificate expiry alert level. Here the level is
configured to seven (7) days.
SLX (config)# crypto cert expiry-level critical period 7
SLX (config)#
Results
The certificate expiry alert level is configured for the Info and
Critical levels only. The other levels are not configured. In this scenario, the
following RASLOG entries are generated.
From sixtieth (60) day, till the eighth (8) day you will get RASLOG with the level
info once, and from the seventh (7) day you will again recieve RASLOG with the
critical level info only once.
A RASLOG with the level ERROR is generated from the day the certificate expires
till the day the certificate is renewed.
Note
-
This configuration is subjected to the Year 2038 Problem. On or after
the 19th of January 2038 (2038-01-19), the system's internal date resets to the
year 1901 and all configured cron jobs do not get started. The certificate expiry
alert feature depends on the execution of a cron job, which will not work post 2038
due to the above date reset.
-
When the system's clock is reset within the last 24 hours to the previous day,
configured cron jobs will not start and therefore, certificate expiry alert will
not be generated.
