Appliance certificates monitoring

With Integrated Analytics System 1.0.31.0, an optional policy for monitoring system certificates was introduced. Platform management collects data about various certificates used within the appliance (both platform and application side) and can provide alerts when a certificate is about to expire or is already expired.

By default, the policy is not enabled. To enable the policy, run the following commands:
  • ap config --set params raise_certificate_policy_alerts=true
  • apstop -p
  • apstart -p
After the platform is restarted, monitoring starts. For each monitored certificate, the alerts that follow are generated:
  • Alert Certificate is about to expire with code 903 and warning severity if given certificate has less than 30 days before expiry.
  • If the specified certificate is expired, an alert Certificate is expired with code 904, and major severity.
List of monitored certificates:
  • Cluster nodes security certificates
  • Platform management (Magneto) certificates
  • CallHome certificate
  • WebConsole certificate
  • Db2 SSL certificates
  • Db2 ICP certificates
  • Db2Wh HA (Wolverine) certificates
  • BLUDR-MQ replication certificate
  • BLUDR-Console replication certificates
To disable the policy, run the following commands:
  • ap config --set params raise_certificate_policy_alerts=false
  • apstop -p
  • apstart -p