TomWhi
New Contributor

Report on Certificate Status

Hi

 

I've been tasked to get an automated alert when our installed certificates are due to expire on the FortiGates. We are running 6.0.3, and I have not been able to find a good way to get an alert "X Days" before the cert expires. 

 

Has anyone got a solution for achieving this?

-------------------------------------------------

Tom Whiteley Infrastructure Engineer

tanr
Valued Contributor II

Depending on the certificate type and use, I think there is an auto-update-days-warning value you can set.  See https://docs.fortinet.com/document/fortigate/6.2.3/cli-reference/296620/certificate-ca for an example.  Haven't tried it myself.

tioeudes

If you have a FortiAnalyzer, you can use the event handlers to set up the mail alert. The event handlers allow more granular alert configuration than those that exist on FortiGate.

 

https://docs2.fortinet.co...-custom-event-handlers

TomWhi

Thank you both.

 

We have internally generated certificates so sadly I won't be able to go down the request for an updated CA certificate route - but it's an interesting feature.

 

We do have FortiAnalyzer so I'll check out to see if we have those errors in there (or when it gets closer to the time if they are generated) and do as you said. This will only be an issue if the FGs don't generate an alert for me to pull out...

-------------------------------------------------

Tom Whiteley Infrastructure Engineer
