cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
485
Views
10
Helpful
1
Replies

PKI Certificate Monitoring

snarayanaraju
Level 4
Level 4

Hello - What is the best industry practice to keep watching on the PKI Certificates in the Cisco Routers?

In my setup we have 500+ Routers with PKI based IPSEC tunnels. We want to proactively monitor these Certificates and take action before the expiry. 

I read about the PKI Expiry Alert based on SNMP / Syslog. Is there any other way we do to monitor the Certificates expiry dates?

 

regards,Sairam
1 Reply 1

balaji.bandi
Hall of Fame
Hall of Fame

the one you provided 1 option, otehr one make a central database and make it process.

 

get all Certificate information based on the device and add to some DB or EXCEL - write a any scripting keep checking that data and alerts group email by 90days of expirty / 60days of expirty / 30days of expirty, this give enough time for admin to take action and renew.

 

When renew add new updated date on excel or DB.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco