.rst .pdf

SNMP Trap: Web Certificate Expiry

A trap is generated when the nginx web certificate is about to expire.

Three intervals are checked which will return a result:

• 30 days prior to expiry

• 14 days prior to expiry

• 1 day prior to expiry

After expiry, an alert is sent every day.

Severity Messages:

• ERROR: Web certificate about to expire

• ERROR: WEB CERT EXPIRED AT:

SNMP Trap examples:

2021-07-09 02:56:31 <server_IP>
[UDP: [<server_IP>]:58567->[<snmp_server_IP>]:162]:
iso.3.6.1.2.1.1.3.0 = Timeticks: (795178) 2:12:31.78
iso.3.6.1.6.3.1.1.4.1.0 = OID: iso.3.6.1.2.1.88.2.0.1
iso.3.6.1.2.1.88.2.1.1.0 = STRING: "Certificate_Maintenance"
iso.3.6.1.2.1.88.2.1.3.0 = STRING: "ID: WEB_CERTIFICATE_VOSS,
 Code: -1,
 Occurences: 1,
 Latest Occurence: 2021-07-09T00:56:30.610Z"
iso.3.6.1.2.1.88.2.1.5.0 = INTEGER: 1
iso.3.6.1.2.1.1.5.0 = STRING: "VOSS"

2021-07-09 02:56:32 <server_IP>
[UDP: [<server_IP>]:45737->[<snmp_server_IP>]:162]:
iso.3.6.1.2.1.1.3.0 = Timeticks: (795286) 2:12:32.86
iso.3.6.1.6.3.1.1.4.1.0 = OID: iso.3.6.1.2.1.88.2.0.1
iso.3.6.1.2.1.88.2.1.1.0 = STRING: "ERROR: Web certificate about to expire"
iso.3.6.1.2.1.88.2.1.3.0 = STRING: "Cert will expire in less than 30 day(s)"
iso.3.6.1.2.1.88.2.1.5.0 = INTEGER: 1
iso.3.6.1.2.1.1.5.0 = STRING: "VOSS"

2021-07-09 03:00:40 <server_IP>
[UDP: [<server_IP>]:37982->[<snmp_server_IP>]:162]:
iso.3.6.1.2.1.1.3.0 = Timeticks: (820135) 2:16:41.35
iso.3.6.1.6.3.1.1.4.1.0 = OID: iso.3.6.1.2.1.88.2.0.1
iso.3.6.1.2.1.88.2.1.1.0 = STRING: "INFO: Web certificate has been renewed"
iso.3.6.1.2.1.88.2.1.3.0 = STRING: "Web certificate has been renewed"
iso.3.6.1.2.1.88.2.1.5.0 = INTEGER: 1
iso.3.6.1.2.1.1.5.0 = STRING: "VOSS"

Example GUI alert shown in the data/Alert instance in the Database

• AlertCode: “25005”

• Category: “Certificate_Maintenance”

• AlertId: “WEB_CERTIFICATE_<certificate-name>”

• Message: “The certificate will expire in less than {} day(s).” (number of days - alert will result)

• Severity: WARNING

• alert_timestamp: <timestamp>

Example error raised through platform monitoring

Notification message from (1, 3, 6, 1, 6, 1, 1):('10.120.1.203', 5194):
Var-binds:
1.3.6.1.2.1.1.3.0 = 16128774
1.3.6.1.6.3.1.1.4.1.0 = 1.3.6.1.2.1.88.2.0.1
1.3.6.1.2.1.88.2.1.1.0 = ERROR: Web certificate about to expire
1.3.6.1.2.1.88.2.1.3.0 = Cert will expire in less than {} day(s)
1.3.6.1.2.1.88.2.1.5.0 = 1
1.3.6.1.2.1.1.5.0 = VOSS-UN-1

Resolution

Renew the web certificate - see: Web Certificate Setup Options.

previous

SNMP Trap: NGINX Status

next

SNMP Trap: Security Updates