Created on 08-23-2022 01:11 PM
Edited on 09-07-2025 11:21 PM
By Anthony_E
Description
This article describes how to configure the local certificate expiry Automation trigger with an email notification action.
The main use case is to be notified by email when any local certificate is about to expire, so the certificate can be replaced before expiration.
Scope
FortiGate v7.2.1 onward.
Solution
One might want to remind an administrator to re-sign or load a new local certificate to avoid any service interruptions.
To achieve this, follow the steps below:
First, configure the certificate expiration warning using the following commands.
config vpn certificate setting
set cert-expire-warning 14
end
Note:
cert-expire-warning 14 sets the number of days before a certificate expires at which the warning is sent (0 - 100, default = 14).
Set it to 0 to disable sending of the warning.
After this, logs are generated when a local certificate is near expiry.
When a local certificate log is generated, any automation stitch configured with the local-certificate-near-expiry automation trigger will run.
Trigger Configuration:
In the GUI, go to Security Fabric -> Automation -> Create new.
Configure the Name and Action execution as per the requirement.
Next, choose Add Trigger -> Create, select Local Certificate Expiry (listed in the System section), enter a name and description, and select OK. Then select the newly created trigger and select Apply.
Action Configuration:
Go to Add Action -> Create and use Email, Webhook, Slack, Teams, etc. Here, Email is used.
CLI Configuration:
config system automation-trigger
edit "Local Cert Expired Notification"
set trigger-type event-based
set event-type local-certificate-near-expiry
set description "local certificate is near expiration."
next
end
config system automation-action
edit "Local-Certificate-expiry-Notification"
set description "Local-Certificate-expiry-Notification"
set action-type email
set email-to "xyz@fortinet.com"
set email-from "test@fortinet.com"
set email-subject "Local-Certificate-expiry-Notification"
set minimum-interval 3600
next
end
config system automation-stitch
edit "Local-Certificate-near-expiry"
set trigger "Local Cert Expired Notification"
config actions
edit 1
set action "Local-Certificate-expiry-Notification"
set required enable
next
end
next
end
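A stitch can run only if the names in its `set trigger` and `set action` lines match trigger and action objects that exist. The following Python check is an added example, not Fortinet code: it parses a configuration excerpt and lists stitch references that do not resolve. The sample configuration is constructed, and the check assumes the input contains every trigger and action definition on the device.

```python
import shlex

# Constructed sample (not from a real device): the stitch references a
# trigger name that is never defined, so the notification would never fire.
SAMPLE = '''
config system automation-trigger
    edit "Local Cert Expired Notification"
        set trigger-type event-based
    next
end
config system automation-action
    edit "Local-Certificate-expiry-Notification"
        set action-type email
    next
end
config system automation-stitch
    edit "Local-Certificate-near-expiry"
        set trigger "Local Certificate Expiry"
        config actions
            edit 1
                set action "Local-Certificate-expiry-Notification"
            next
        end
    next
end
'''
TABLES = {"system automation-trigger": "trigger", "system automation-action": "action"}
STITCH = "system automation-stitch"

def parse(text):
    """Return (defined names per kind, [(stitch, kind, referenced name), ...])."""
    defined, refs, stack, stitch = {"trigger": set(), "action": set()}, [], [], None
    for line in text.splitlines():
        tok = shlex.split(line)            # honours the quoted object names
        if not tok:
            continue
        if tok[0] == "config":
            stack.append(" ".join(tok[1:]))
        elif tok[0] == "end" and stack:
            stack.pop()
        elif tok[0] == "edit" and len(stack) == 1:   # top-level table entry
            if stack[0] in TABLES:
                defined[TABLES[stack[0]]].add(tok[1])
            elif stack[0] == STITCH:
                stitch = tok[1]
        elif tok[0] == "set" and stack and stack[0] == STITCH and tok[1] in defined:
            refs += [(stitch, tok[1], name) for name in tok[2:]]
    return defined, refs

def dangling(text):
    """List stitch references whose target object is not defined in text."""
    defined, refs = parse(text)
    return [(s, kind, name) for s, kind, name in refs if name not in defined[kind]]
```

Running `dangling()` over a configuration backup before relying on the alert shows whether any stitch points at a missing object; an empty list means every reference resolves.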