Certificate Alerts

Use the information in the following tables to learn about all possible certificate alerts in detail that are raised by Fault Management.

XCO Certificate Expiry Notice

31000 XCO Certificate Expiry Notice
Description Send an alert when an XCO certificate is about to expire.
Preconditions You cannot configure the system default settings in Certificate Manager component.
  • Polling frequency for certificate expiry notice is daily.
  • Monitors the following types of XCO certificate and its value:
    • App Server Certificate (of XCO): app_server_cert
    • Default Intermediate CA: default_intermediate_ca
    • Default Root CA: default_root_ca
    • Third-Party CA: third_party_ca
    • K3s Server Certificate: k3s_server_cert
    • K3s CA: k3s_ca
    • JWT Certificate: jwt_cert

The polling service sends the “CertificateExpiryNoticeAlert” notification with an expiry date.

Requirements
Alert shows the following data:
  • Certificate Type
  • Expiry Date

The following example shows an alert when an XCO certificate (for example, App Server Certificate) is about to expire:

<116>1 2003-10-11T22:14:15.003Z xco.machine.com FaultManager - -
   [meta sequenceId=”47”]  
   [origin ip=”10.20.30.40” enterpriseId=”1916” software=”XCO” swVersion=”3.2.0”]  
   [alert@1916
   resource=”/App/System/Security/Certificate?type=app_server_cert”
   alertId=”31000”
   cause=”keyExpired”
   type=”securityServiceOrMechanismViolation” 
   severity=”warning”] 
   [alertData@1916  
   type=”app_server_cert”  
   expiry_date=”Sep 12 10:00:45 2022 GMT”] 
   BOMThe App Server Certificate on the application will expire soon on “Sep 12 10:00:45 2022 GMT”.
Health Response Response
{
    Resource: /App/System/Security/Certificate?type=app_server_cert
    HQI {
        Color: Yellow
        Value: 1
    }
    StatusText: The App Server Certificate on the application will expire soon on “Sep 12 10:00:45 2022 GMT”. 
}

Managed Device Certificate Expiry Notice

31001 Managed Device Certificate Expiry Notice
Description Send an alert when a certificate on the SLX device is about to expire.
Preconditions

You cannot configure the default system settings in Inventory Service.

  • Polling frequency for certificate expiry notice is daily
  • Monitors the following types of Device Certificate and its value:
    • HTTPS Server Certificate: https_server_cert
    • Syslog CA: syslog_ca
    • JWT Verifier (OAuth2): jwt_verifier

The polling service sends the “DeviceCertificateExpiryNoticeAlert” notification with an expiry date.
Requirements

Alert shows the following data:

  • Device IP
  • Certificate Type
  • Expiry Date

The following example shows an alert when a certificate (for example, HTTPS Server Certificate) is about to expire on SLX device:

<116>1 2022-10-11T22:14:15.003Z xco.machine.com FaultManager -    
   [meta sequenceId=”47”]  
   [origin ip=”10.20.30.40” enterpriseId=”1916” software=”XCO” swVersion=”3.2.0”]  
   [alert@1916  
   resource=”/App/System/Security/Certificate?device_ip=10.10.10.1&type=https_server_cert” 
   alertId=”31001”  
   cause=”keyExpired”  
   type=”securityServiceOrMechanismViolation”  
   severity=”warning”]   
   [alertData@1916  
   device_ip=”10.10.10.1”    
   type=”https_server_cert”  
   expiry_date=”Sep 12 10:00:45 2022 GMT”] 
   BOMThe HTTPS Server Certificate on device “10.10.10.1” will expire soon on “Sep 12 10:00:45 2022 GMT”.
Health Response
Response
{
    Resource:/App/System/Security/Certificate?device_ip=10.10.10.1&type=https_server_cert
    HQI {
        Color: Yellow
        Value: 1
    }
    StatusText: The HTTPS Server Certificate on device “10.10.10.1” will expire soon on “Sep 12 10:00:45 2022 GMT”.
}

XCO Certificate Expired

31002 XCO Certificate Expired
Description Send an alert when an XCO certificate has expired. You will not get this alert when the system is not functional.
Preconditions K3s must be up and running

Only supports non-k3s cert expiry.

  • Polling frequency for certificate expiry notice is daily
  • Monitors the following types of XCO Certificate and its value:
    • App Server Certificate (of XCO): app_server_cert
    • Default Intermediate CA: default_intermediate_ca
    • Default Root CA: default_root_ca
    • Third-Party CA: third_party_ca

When the App Server Certificate expires, you cannot communicate with XCO via REST API. Therefore, you cannot query the health status.
Requirements
Alert shows the following data:
  • Certificate Type
  • Expired Date

The following example shows an alert when an XCO certificate (for example, App Server Certificate) is expired:

<113>1 2003-10-11T22:14:15.003Z xco.machine.com FaultManager - -    
   [meta sequenceId=”47”]  
   [origin ip=”10.20.30.40” enterpriseId=”1916” software=”XCO” swVersion=”3.2.0”]  
   [alert@1916  
   resource=”/App/System/Security/Certificate?type=app_server_cert” 
   alertId=”31002”  	  
   cause=”keyExpired”  
   type=”securityServiceOrMechanismViolation”  
   severity=”critical”]   
   [alertData@1916  
   type=”app_server_cert”  
   expire_date=”Sep 12 10:00:45 2022 GMT”] 
   BOMThe App Server Certificate on the application has expired on “Sep 12 10:00:45 2022 GMT”.
Health Response
Response
{
    Resource: /App/System/Security/Certificate?type=app_server_cert
    HQI {
        Color: Black
        Value: 4
    }
    StatusText: The App Server Certificate on the application has expired on “Sep 12 10:00:45 2022 GMT”.
}

Managed Device Certificate Expired

31003 Managed Device Certificate Expired
Description Send an alert when an SLX certificate has expired
Preconditions To allow the RASLog service to receive events from an SLX device, ensure the device is registered and the SLX syslog server configuration points to the XCO IP. When a syslog CA certificate expires, SLX device does not send the syslog alerts to the RASLog service.
  • Polling frequency for certificate expiry notice is daily.
  • Monitors the following types of Device Certificate and its value:
    • Syslog CA: syslog_ca
    • JWT Verifier (OAuth2): jwt_verifier

The polling service sends the “DeviceCertificateExpiredNoticeAlert” notification with an expiry date.

Requirements
Alert shows the following data:
  • Device IP
  • Certificate Type
  • Expired Date

The following example shows an alert when an SLX certificate (for example, Syslog CA) is expired:

<113>1 2022-10-11T22:14:15.003Z xco.machine.com FaultManager - -    
   [meta sequenceId=”47”]  
   [origin ip=”10.20.30.40” enterpriseId=”1916” software=”XCO” swVersion=”3.2.0”]  
   [alert@1916  
   resource=”/App/System/Security/Certificate?device_ip=10.10.10.1&type=syslog_ca” 
   alertId=”31003”  
   cause=”keyExpired”  
   type=”securityServiceOrMechanismViolation”  
   severity=”critical”]   
   [alertData@1916  
   device_ip=”10.10.10.1”    
   type=”syslog_ca”  
   expiry_date=”Sep 12 10:00:45 2022 GMT”] 
  BOMThe Syslog CA on device “10.10.10.1” has expired on “Sep 12 10:00:45 2022 GMT”
Health Response

Response

{
    Resource:/App/System/Security/Certificate?device_ip=10.10.10.1&type=syslog_ca
    HQI {
        Color: Black
        Value: 4
    }
    StatusText: The Syslog CA on device “10.10.10.1” has expired on “Sep 12 10:00:45 2022 GMT.
}

XCO Certificate Upload or Renewal

31004 XCO Certificate Upload or Renewal
Description Send an alert when a certificate is renewed.
Preconditions
  • Sends an alert for renewal of the certificates managed by XCO.
  • XCO sends a renewal alerts for the following types of certificate and its value:
    • App Server Certificate (of XCO): app_server_cert
    • Default Intermediate CA: default_intermediate_ca
    • Default Root CA: default_root_ca
    • Third-Party CA: third_party_ca
    • JWT Certificate: jwt_cert
    • K3s Server Certificate: k3s_server_cert
    • K3s CA Certificate: k3s_ca
Requirements
Alert shows the following data:
  • Certificate Type

The following example shows an alert when an XCO certificate is renewed:

Syslog RFC-5424 Example:
<118>1 2003-10-11T22:14:15.003Z xco.machine.com FaultManager - -  
   [meta sequenceId=”47”]
   [origin ip=”10.20.30.40” enterpriseId=”1916” software=”XCO” swVersion=”3.2.0”]
   [alert@1916
   resource=”/App/System/Security/Certificate?type=app_server_cert”
   alertId=”31004”           
   cause=”keyGenerated”
   type=”securityServiceOrMechanismViolation”
   severity=”warning”] 
   [alertData@1916
   type=”app_server_cert”]
  BOMThe App Server Certificate on the application has bee renewed.
Health Response
Response
{
    Resource: /App/System/Security/Certificate?type=app_server_cert
    HQI {
        Color: Green
        Value: 0
    }
    StatusText: The App Server Certificate on the application has been renewed.
}

Managed Device Certificate Upload or Renewal

31005 Managed Device Certificate Upload or Renewal
Description Send an alert when a device certificate is renewed.
Preconditions
Sent an alert on renewal of following certificates on devices:
  • HTTPS Server Certificate: https_server_cert
  • JWT Verifier (OAuth2): jwt_verifier
Requirements
Alert shows the following data:
  • Device IP
  • Certificate Type

The following example shows an alert when a device certificate is renewed:

<118>1 2003-10-11T22:14:15.003Z xco.machine.com FaultManager - -  
   [meta sequenceId=”47”]
   [origin ip=”10.20.30.40” enterpriseId=”1916” software=”XCO” swVersion=”3.2.0”]
   [alert@1916
   resource=”/App/System/Security/Certificate?device_ip=10.10.10.1&type=https_server_cert”
   alertId=”31005”           
   cause=”keyGenerated”
   type=”securityServiceOrMechanismViolation”
   severity=”info”] 
   [alertData@1916
   device_iP=”10.10.10.1”    
   type=”https_server_cert”]
  BOMThe HTTPS Server Certificate on the device 10.10.10.1 has been renewed.
Health Response
Response
{
  Resource:/App/System/Security/Certificate?device_ip=10.10.10.1&type=https_server_cert
    HQI {
        Color: Green
        Value: 0
    }
    StatusText: The HTTPS Server Certificate on the device 10.10.10.1 has been renewed.
}

Managed Device Certificate Expiration Device Removed

31008 Managed Device Certificate Expiration Device Removed
Description Send an alert when an SLX device is removed from a managed device
Preconditions

The SLX device is registered in inventory service.

  • You can run a command for device removal from inventory service.
  • Monitors the following types of Device Certificates:
    • HTTPS Server Certificate: https_server_cert
    • Syslog CA: syslog_ca
    • JWT Verifier (OAuth2): jwt_verifier

The removed device sends three alerts to clear any unhealthy state in the health service.
Requirements
Alert shows the following data:
  • Device IP
  • Certificate Type

The following example shows an alert when an SLX device is removed:

<118>1 2022-10-11T22:14:15.003Z xco.machine.com FaultManager - -   
   [meta sequenceId=”47”]  
   [origin ip=”10.20.30.40” enterpriseId=”1916” software=”XCO” swVersion=”3.2.0”]  
   [alert@1916  
   resource=”/App/System/Security/Certificate?device_ip=10.10.10.1&type=https_server_cert” 
   alertId=”31008”  
   cause=”configRemoved”  
   type=”securityServiceOrMechanismViolation”  
   severity=”info”]   
   [alertData@1916  
   device_ip=”10.10.10.1”    
   type=”https_server_cert”] 
  BOMThe device 10.10.10.1 has been removed so cleaning up HTTPS Server Certificate
Health Response
Response
{
    Resource:/App/System/Security/Certificate?device_ip=10.10.10.1&type=https_server_cert
    HQI {
        Color: Green
        Value: 0
    }
    StatusText: The device 10.10.10.1 has been removed so cleaning up HTTPS Server Certificate.
}
9037725-01 RevAA