Topic
4 replies Latest Post - ‏2013-03-04T15:55:11Z by SystemAdmin
SystemAdmin
SystemAdmin
6772 Posts
ACCEPTED ANSWER

Pinned topic Query related to Crypto Certificate Monitor?

‏2013-02-23T11:06:47Z |
Hi all,

I have expired and about to expiry certificates in one of my application domain, just i want to monitor the certificates that which are expired and about expire for that i enabled Crypto Certificate Monitor in default domain with debug log level as Warning and also created a file log target which subscribes to "cert-monitor" and evrent priority is warning.
after that i disabled and enabled Certificate Monitor to scan all certificates status, even though i have expired and about to exipre certificates un able to see any logs and also log target is not being triggred. any thing else needs to be done from configuration side? kindly help me on this ASAP.

Thanks in Adv

Regards,
Naren
Updated on 2013-03-04T15:55:11Z at 2013-03-04T15:55:11Z by SystemAdmin
  • SystemAdmin
    SystemAdmin
    6772 Posts
    ACCEPTED ANSWER

    Re: Query related to Crypto Certificate Monitor?

    ‏2013-02-26T13:07:52Z  in response to SystemAdmin
    Aany one who have idea regarding crypto certificate monitor kindly give a suggestion asap!!!!!!!!

    Thanks in adv
    • swlinn
      swlinn
      1344 Posts
      ACCEPTED ANSWER

      Re: Query related to Crypto Certificate Monitor?

      ‏2013-02-26T18:38:29Z  in response to SystemAdmin
      I just disabled/enabled the cert-monitor object on my 5.0.0.x appliance and in the default log of the default domain I see these cert-monitor logs. In my case there are a number of domains that are throwing continual connection error logs and the main log rolled, but I was able to find them in the logtemp:// directory on one of the archived files. So if that is not the case where your logs are, the obvious questions come to mind: firmware version, export of log target object, etc.

      Regards,
      Steve
  • inestlerode
    inestlerode
    166 Posts
    ACCEPTED ANSWER

    Re: Query related to Crypto Certificate Monitor?

    ‏2013-02-27T18:35:17Z  in response to SystemAdmin
    > I have expired and about to expiry certificates in one of my application domain, just i want to monitor the certificates that
    > which are expired and about expire

    It is also worth pointing out that the Certificate Monitor only monitors Crypto Certificate config objects. It does not monitor certificate files sitting on the flash that have no Crypto Certificate object pointing to them. Sometimes this causes confusion (people are incorrectly expecting that it will notice some expired certificate file on the flash that is unused).
    • SystemAdmin
      SystemAdmin
      6772 Posts
      ACCEPTED ANSWER

      Re: Query related to Crypto Certificate Monitor?

      ‏2013-03-04T15:55:11Z  in response to inestlerode
      i changed crypto cert-monitor level to error and i configured log target with cert-monitor log category and priority is error.
      and now able to get the errors regarding certificate expiry.

      Thanks.........!