Solved: How do I configure local certificate expiry Automation Stitch with an email notification?

This article describes how to configure a local certificate expiry automation trigger with an email notification action.

The main use case is to be notified by email if any local certificate is expiring, so the certificate can be changed before expiration.

Solution

An administrator may want a reminder to re-sign or load a new local certificate in order to avoid service interruptions. To set this up, follow the steps below:

Step 1: Configure the certificate expiration warning using the following commands.

# config vpn certificate setting
    set cert-expire-warning 14
end

Note: cert-expire-warning is the number of days before a certificate expires at which a warning is sent. Set it to 0 to disable sending of the warning (0 – 100, default = 14).

Step 2: After this, logs are generated when a local certificate is near expiry. When a local certificate log is generated, any automation stitch configured with the local-certificate-near-expiry automation trigger will run.

Trigger Configuration

Step 3: In the GUI, go to Security Fabric > Automation > Create New.

Configure the Name and Action execution as per the requirement.

Step 4: Choose Add Trigger > Create. Local Certificate Expiry is listed in the System section.

Step 5: Name the new trigger and add a description.

Step 6: Select OK, then select the newly created trigger and select Apply.

Action Configuration

Step 7: Go to Add Action > Create and choose an action type such as Email, Webhook, Slack, or Teams. Email is used here.

CLI Configuration

# config system automation-trigger
    edit "Local Cert Expired Notification"
        set trigger-type event-based
        set event-type local-certificate-near-expiry
        set description "local certificate is near expiration."
    next
end

# config system automation-action
    edit "Local-Certificate-expiry-Notification"
        set description "Local-Certificate-expiry-Notification"
        set action-type email
        set email-to "[email protected]"
        set email-from "[email protected]"
        set email-subject "Local-Certificate-expiry-Notification"
        set minimum-interval 3600
    next
end
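
As an added example (not part of the original article and not Fortinet code), the Python script below audits a saved configuration for the three pieces configured above: a non-zero cert-expire-warning, a trigger with event-type local-certificate-near-expiry, and an email action that has a recipient. The function names and the BAD sample text are constructed for illustration, and the parser assumes flat config/edit/set blocks like the ones shown in this article.

```python
import shlex

def parse_fortios(text):
    """Parse flat config/edit/set/next/end blocks into {section: {entry: {key: [values]}}}."""
    tree, section, entry = {}, None, ""
    for raw in text.splitlines():
        words = shlex.split(raw.strip().lstrip("#"))  # drop the "# " CLI prompt
        if not words:
            continue
        cmd, args = words[0], words[1:]
        if cmd == "config":
            section, entry = " ".join(args), ""  # "" = settings outside any edit
            tree.setdefault(section, {})
        elif cmd == "edit" and section:
            entry = args[0]
        elif cmd == "set" and section and len(args) >= 2:
            tree[section].setdefault(entry, {})[args[0]] = args[1:]
        elif cmd == "next":
            entry = ""
        elif cmd == "end":
            section = None
    return tree

def audit(text):
    """Return findings for the three pieces this article configures."""
    tree, findings = parse_fortios(text), []
    setting = tree.get("vpn certificate setting", {}).get("", {})
    days = int(setting.get("cert-expire-warning", ["14"])[0])  # article: default = 14
    if days == 0:
        findings.append("cert-expire-warning is 0: expiry warnings are disabled")
    triggers = tree.get("system automation-trigger", {}).values()
    if not any(t.get("event-type") == ["local-certificate-near-expiry"] for t in triggers):
        findings.append("no trigger with event-type local-certificate-near-expiry")
    actions = tree.get("system automation-action", {}).values()
    if not any(a.get("action-type") == ["email"] and a.get("email-to") for a in actions):
        findings.append("no email action with a recipient (email-to)")
    return findings

# Constructed sample: warning disabled, no trigger, email action without a recipient.
BAD = '''config vpn certificate setting
set cert-expire-warning 0
end
config system automation-action
edit "Local-Certificate-expiry-Notification"
set action-type email
next
end'''
print(audit(BAD))
```

An empty list from audit() means all three pieces are present; it does not check that the trigger and action are linked in a stitch, which this article does through the GUI.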

Alex Lim is a certified IT Technical Support Architect with over 15 years of experience in designing, implementing, and troubleshooting complex IT systems and networks. He has worked for leading IT companies, such as Microsoft, IBM, and Cisco, providing technical support and solutions to clients across various industries and sectors. Alex has a bachelor’s degree in computer science from the National University of Singapore and a master’s degree in information security from the Massachusetts Institute of Technology. He is also the author of several best-selling books on IT technical support, such as The IT Technical Support Handbook and Troubleshooting IT Systems and Networks. Alex lives in Bandar, Johore, Malaysia with his wife and two children. You can reach him at [email protected] or follow him on Website | Twitter | Facebook
