Does anyone have any bright ideas on how to get proactive alerts prior to certificates expiring. on things like CUCM, CUPS, conductor, VCS etc.
so what I am after is for instance an email alert, alerting the sys admins, say, 1 month in advance that a security certificate is about to expire, so a new one can be uploaded in a controlled manner, rather that the cert expiring and breaking TLS on trunks for instance.
Please note that these are for certs that are internally signed, so I cant to for instance rapidSSL cert tracking
Guaranteed rating on anyone with a meaningful answer
CUCM and other products that share the same blueprint already do that
Certificates should be regenerated before they expire. When the certificates are about to expire you will receive warnings in RTMT (Syslog Viewer) and an email with notification will be sent if configured.
You can also set up CertMon, I cant remember the exact name right now, but you view it from the same place where you do other cert steps.
If i remember right this allows you to setup a point at which you get an "early warning" on an upcoming expiring date.
Just looked it up...it is called Certificate Monitor and here is how you set it up.
Use this procedure to configure your system to automatically send you an email message when a certificate is close to its expiration date.
|Step 1||From Cisco Unified OS Administration, choose Security > Certificate Monitor.|
|Step 2||In the Notification Start Time, enter a numeric value. This value is the number of days before you receive a notification through email.|
|Step 3||In the Notification Frequency, enter a numeric value and choose Days or Hours.|
|Step 4||(Optional)Check Enable E-mail notification, and then enter email addresses in the E-mail IDs field.|
|Step 5||Click Save.|
If you're still watching this thread... can you please tell me what IP/URL you point PRTG to so you can monitor certs?
The certificates presented for the web administration consoles are not the same certificates used for Jabber for example, and I haven't been able to find what IP/port to point a PRTG SSL sensor to so I can monitor the tomcat cert.
Did you figure it out? I need a way to list all CUCM cert expiration dates. I have AXL working, but I don't find a 'get cert list' or anything similar. I was hoping there was a way with CLI or even SQL. Too many to do via GUI.
I really need a way to put all the certs from my 50 nodes into one big spreadsheet so I can sort by the upcoming expiration dates. So I was looking for AXL or CLI or even SQL, as I can script that. I start it, go do something else for 20 minutes, come back and import the list.
I found a way to do it in CLI but it's messy and needs a bunch of tweaking. If SQL can list them out with exp dates that would be a nice improvement. Or if AXL could pull a list with dates that would be the easiest. Hey can AXL run SQL queries? I think I heard that it can....
Any ideas for how to capture this list?