You can configure the certificate monitor by using the command line interface.
About this task
Configure the certificate monitor to regularly check your certificates and output log messages
that warn you if any have expired or are about to expire.
To configure the certificate monitor from the command line, you enter Certificate Monitor mode
and enter the required commands.
Procedure
-
Connect to the IBM® MQ Appliance as described in
Command line access. Log in as an administrative user.
-
Type
crypto to enter crypto mode.
-
Type the following command to configure the certificate monitor settings:
-
Use the following certificate monitor commands to configure the settings:
| Command |
Description |
| admin-state |
Sets the administrative state for the configuration. |
| disable-expired-certs |
Controls the use of expired certificates. |
| log-level |
Sets the priority for certificate monitor messages that note the impending expiration date of
a certificate. |
| poll |
Sets the frequency with which the certificate monitor scans expiration dates. |
| reminder |
Sets the notification window before certificate expiration to start certificate expiration
messages. |
-
After you configure the certificate monitor settings, enter exit to
leave
crypto mode.
-
Enter
write memory to save the updated configuration.
Example
You can view the current settings of the certificate monitor by using the show
cert-monitor
command:mqa# show cert-monitor
cert-monitor [up]
------------
admin-state enabled
poll 1 day
reminder 30 day
log-level warn
disable-expired-certs off
What to do next
You should define log targets to consume the log messages generated by the certificate
monitor, see Appliance log targets. The log messages have the category
cert-monitor.