FortiWeb
A FortiWeb can be configured to join a Security Fabric through the root or downstream FortiGate.
rsingla
Staff
Staff
Description
This article describes how to generate an automatic event log as a reminder on a FortiWeb when a SSL Certificate is about to expire.

Scope
FortiWeb SSL Certificates

Solution
Prior to FortiWeb 6.2, FortiWeb would not generate an event when the SSL Certificate is about to expire.

But starting from 6.2.0 version, admin can configure a setting from CLI, which will generate an event log and reminds administrator about the Certificates going to expire.

The number of days before the event log is generated can be selected between 0-365.

The CLI command to do the same is:
FortiWeb # conf system global
FortiWeb (global) # set cert-expire-check-time <cert-expire-check-time _int>
FortiWeb (global) # end
set cert-expire-check-time <cert-expire-check-time _int>
This command sets the notification time ( the days) before the certificate expires. The valid value range is 0-365. When the value is 0, it means no certificate expiration will be checked. When the value is 100, it means notification will be sent 100 days before the certificate expires.

The maximum number of days when an event can be generated is 365 days which is 1 year.

Once the time period set in command is reached, an event log like this will appear below.
v010xxxxdate=2020-08-27 time=11:03:07 log_id=19999489 msg_id=000000002169 device_id=FXXXXXXXXXXX4 vd="root" timezone="(GMT+4:00)Abu Dhabi,Muscat" timezone_dayst="GMTa-4" type=event subtype="system" pri=alert trigger_policy="N/A" user=daemon ui=daemon action=cert-expire status=failure msg="Certificate fortiweb.com will get expired in 1 day"
If FortiWeb logs are sent to FortiAnalyer, then an email alert can also be triggered to admin using Event Handler on FortiAnalyer. Ref Link : https://docs.fortinet.com/document/fortigate/6.2.0/new-features/477793/trigger-fortianalyzer-event-h...

Contributors