Report on Certificate Status

TomWhi · ‎03-09-2020

Hi

I've been tasked to get an automated alert when our installed certificates are due to expire on the FortiGates. We are running 6.0.3, and I have not been able to find a good way to get an alert "X Days" before the cert expires.

Has anyone got a solution for achieving this?

-------------------------------------------------

Tom Whiteley Infrastructure Engineer

tanr · ‎03-09-2020

Depending on the certificate type and use, I think there is an auto-update-days-warning value you can set. See https://docs.fortinet.com/document/fortigate/6.2.3/cli-reference/296620/certificate-ca for an example. Haven't tried it myself.

tioeudes · ‎03-09-2020

If you have a fortianalyzer, you can use the event handlers to set up the mail alert. The event handlers allow ore granular alert configuration than those that exist on fortigate.

https://docs2.fortinet.co...-custom-event-handlers

TomWhi · ‎03-10-2020

Thank you both.

We have internally generated certificates so sadly I won't be able to go down the request for an updated CA certificate route - but it's an interesting feature.

We do have fortianalyser so I'll check out to see if we have those errors in there (or when it gets closer to the time if they are generated) and do as you said. This will only be an issue if the FGs don't generate an alert for me to pull out...

-------------------------------------------------

Tom Whiteley Infrastructure Engineer

Report on Certificate Status

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website