This article describes how to configure local certificate expiry Automation trigger with an email notification action.
The main use case is to be notified by email if any local certificate is expiring, so the certificate can be changed before expiration.
One might want to remind an administrator to re-sign or load a new local certificate to avoid any service interruptions. To achieve this follow the below steps:
Step 1: Configure the certificate expiration warning using the following commands.
# config vpn certificate setting set cert-expire-warning 14 end
Note: cert-expire-warning 14 –> Number of days before a certificate expires to send a warning. Set to 0 to disable sending of the warning (0 – 100, default = 14).
Step 2: After this Logs are generated when a local certificate is a near expiry. When a local certificate log is generated, any automation stitches configured with the local-certificate-near-expiry automation trigger will run.
Step 3: On the GUI Security Fabric >Automation > Create new
Configure the Name and Action execution as per the requirement.
Step 4: Choose to Add Trigger > Create > (In the System section Local Certificate Expiry can be seen).
Step 5: Name it and add Description.
Step 6: Select OK then select the newly created Trigger and select Apply.
Step 7: Go to Add Action > Create > use Email, Webhook, Slack, Teams, etc. Here Email is used.
# config system automation-trigger edit "Local Cert Expired Notification" set trigger-type event-based set event-type local-certificate-near-expiry set description "local certificate is near expiration." next end # config system automation-action edit "Local-Certificate-expiry-Notification" set description "Local-Certificate-expiry-Notification" set action-type email set email-to "[email protected]" set email-from "[email protected]" set email-subject "Local-Certificate-expiry-Notification" set minimum-interval 3600 next end