Appliance certificates monitoring
With Integrated Analytics System 1.0.31.0, an optional policy for monitoring system certificates was introduced. Platform management collects data about various certificates used within the appliance (both platform and application side) and can provide alerts when a certificate is about to expire or is already expired.
By default, the policy is not enabled. To enable the policy, run the following commands:
-
ap config --set params raise_certificate_policy_alerts=true -
apstop -p -
apstart -p
After the platform is restarted, monitoring starts. For each monitored certificate, the alerts
that follow are generated:
- Alert
Certificate is about to expirewith code 903 and warning severity if given certificate has less than 30 days before expiry. - If the specified certificate is expired, an alert
Certificate is expiredwith code 904, and major severity.
List of monitored certificates:
- Cluster nodes security certificates
- Platform management (Magneto) certificates
- CallHome certificate
- WebConsole certificate
- Db2 SSL certificates
- Db2 ICP certificates
- Db2Wh HA (Wolverine) certificates
- BLUDR-MQ replication certificate
- BLUDR-Console replication certificates
To disable the policy, run the following commands:
-
ap config --set params raise_certificate_policy_alerts=false -
apstop -p -
apstart -p