You can configure the certificate monitor by using the REST API.
About this task
Configure the certificate monitor to regularly check your certificates and output log messages
that warn you if any have expired or are about to expire.
The procedure for creating a configuration on the appliance is described in Configuring the appliance by using the REST management interface.
Procedure
-
To configure the certificate monitor:
-
Compose the following payload:
{
" CertMonitor ": {
"name": "Certificate Monitor",
"mAdminState ": "enabled",
"PollingInterval": "poll",
"ReminderTime": "reminder",
"LogLevel": "level",
"DisableExpiredCerts": "on/off"
}
}
Where:
- PollingInterval
- Specifies how frequently the certificates should be scanned. Specify a value between 1 and 65535
days.
- ReminderTime
- Specifies how many days in advance of expiration warnings should be issued. Specify a value
between 1 and 65535 days.
- LogLevel
- Specifies the log level that should be assigned to the certificate expiration warnings.
- DisableExpiredCerts
- Set to
ON to automatically disable certificates that have expired. This feature
is not available for queue manager certificates.
-
Post the payload to the following URI:
POST https://hostname:5554/mgmt/config/default/CertMonitor/Certificate%20Monitor
-
To view the current setting of the certificate monitor, issue a GET to the certificate monitor
URI:
GET https://hostname:5554/mgmt/config/default/CertMonitor
The
current setting is displayed, for
example:
{
"CertMonitor": {
"name": "Certificate Monitor",
"mAdminState": "enabled",
"PollingInterval": 1,
"ReminderTime": 30,
"LogLevel": "warn",
"DisableExpiredCerts": "off"
}
}
What to do next
You should define log targets to consume the log messages generated by the certificate
monitor, see Appliance log targets. The log messages have the category
cert-monitor.