Certificate Expiration Alerts¶
Overview¶
You can use the Certificate Expiration Alerts API to configure multiple thresholds for certificate expiration alerts. The threshold value can specify the number of days before certificate expiration that an alert is to be raised. In the following description, the default alert threshold is represented as certificate_expire_threshold and registered under the /mgmt/cm/shared/event/alert-config/ collection. Additional alert thresholds which are being added or modified are represented as certificate_expire_threshold_1, certificate_expire_threshold_2, certificate_expire_threshold_3 ect.
Warning
This API is handled by the UI only and performs no backend validation of the alert configuration. Adding a bad configuration can result in unintended alert behavior, such as sending a large numbers of alert emails which exceed capacity. It is the responsibility of the administrator to use caution when using this API to configure multiple thresholds.
Requests¶
Examples¶
POST to add a certificate expiration threshold¶
Following is an example of a POST to add a default or additional certificate expiration threshold.
POST https://<BIG-IQ>/mgmt/cm/shared/event/alert-config/certificate_expire_threshold
The JSON in the body of the POST can look similar to the following example.
{
"kind": "cm:shared:event:alert-config:alertconfigurationstate",
"message": "Certificate {{__property__cert_name}} on Hostname: {{__device_hostname__}} will expire in {{latest}} days",
"maxValue": 3650,
"minValue": 1,
"selfLink": "https://localhost/mgmt/cm/shared/event/alert-config/certificate_expire_threshold",
"alertType": "certificate_expire_threshold",
"isEnabled": true,
"statsName": "health.summary.certs",
"alertLevel": "WARNING",
"dataValues": [{
"name": "device",
"path": "key",
"type": "STRING"
},
{
"name": "latest",
"path": "latest",
"type": "INT",
"threshold": "30d",
"thresholdLabel": "Days to expiration"
}
],
"alertFilter": "alertType eq 'certificate_expire_threshold' and source eq '{{device}}'",
"displayName": "Certificate expiration",
"eventFilter": "eventType eq 'certificate_expire_date'",
"emailSubject": "Certificate Expiration Alert",
"onlyAlertOnce": true,
"aggregationType": "LATEST",
"alertDeviceType": "BIG_IQ",
"alertTimeWindow": "5m",
"eventProperties": "Certificate Partition: {{__property__cert_partition}}\n\nCertificate Name: {{__property__cert_name}}\n\nExpiration Date: {{__property__cert_expirationDateTime}}\n\nCertificate Subject: {{__property__cert_subject}}\n\nCertificate Issuer: {{__property__cert_issuer}}",
"eventTimeWindow": "1m",
"pollingInterval": "1m",
"lastUpdateMicros": 1594117454905599,
"dataIsMultiValued": false,
"publishIndividualStats": true,
"statsSummaryDescription": "Device has certificates that are expiring soon",
"alertConditionExpression": "latest le 3d",
"snmpEvent": "No",
"sameTypeAlerts": [],
"threshold": 30,
"thresholdDisplayLabel": "N/A",
"thresholdLabel": "Days to expiration (1-3650)",
"max": 3650,
"displayThreshold": "3 Days to expiration (1-3650)"
}
Response¶
HTTP/1.1 200 OK
{
"alertType": "certificate_expire_threshold",
"isEnabled": true,
"eventFilter": "eventType eq 'certificate_expire_date'",
"eventTimeWindow": "1m",
"aggregationType": "LATEST",
"pollingInterval": "1m",
"dataIsMultiValued": false,
"dataValues": [{
"name": "device",
"path": "key",
"type": "STRING"
},
{
"name": "latest",
"path": "latest",
"type": "INT",
"thresholdLabel": "Days to expiration",
"threshold": "30d"
}
],
"alertConditionExpression": "latest le 30d",
"alertFilter": "alertType eq 'certificate_expire_threshold' and source eq '{{device}}'",
"alertTimeWindow": "5m",
"alertLevel": "WARNING",
"message": "Certificate {{__property__cert_name}} on Hostname: {{__device_hostname__}} will expire in {{latest}} days",
"eventProperties": "Certificate Partition: {{__property__cert_partition}}\n\nCertificate Name: {{__property__cert_name}}\n\nExpiration Date: {{__property__cert_expirationDateTime}}\n\nCertificate Subject: {{__property__cert_subject}}\n\nCertificate Issuer: {{__property__cert_issuer}}",
"emailSubject": "Certificate Expiration Alert",
"statsName": "health.summary.certs",
"statsSummaryDescription": "Device has certificates that are expiring soon",
"publishIndividualStats": true,
"alertDeviceType": "BIG_IQ",
"maxValue": 3650.0,
"minValue": 1.0,
"displayName": "Certificate expiration",
"onlyAlertOnce": true,
"generation": 6,
"lastUpdateMicros": 1594117466716434,
"kind": "cm:shared:event:alert-config:alertconfigurationstate",
"selfLink": "https://localhost/mgmt/cm/shared/event/alert-config/certificate_expire_threshold"
}
GET to retrieve all certificate expiration threshold records¶
Following is an example of a GET to retrieve all the certificate expiration threshold records in the collection.
GET https://<BIG-IQ>/mgmt/cm/shared/event/alert-config?$filter=(displayName eq 'Certificate expiration')
The body of the GET request can be empty.
Response¶
HTTP/1.1 200 OK
{
"totalItems": 2,
"items": [{
"kind": "cm:shared:event:alert-config:alertconfigurationstate",
"message": "Certificate {{__property__cert_name}} on Hostname: {{__device_hostname__}} will expire in {{latest}} days",
"maxValue": 3650.0,
"minValue": 1.0,
"selfLink": "https://localhost/mgmt/cm/shared/event/alert-config/certificate_expire_threshold",
"alertType": "certificate_expire_threshold",
"isEnabled": true,
"statsName": "health.summary.certs",
"alertLevel": "WARNING",
"dataValues": [{
"name": "device",
"path": "key",
"type": "STRING"
},
{
"name": "latest",
"path": "latest",
"type": "INT",
"threshold": "30d",
"thresholdLabel": "Days to expiration"
}
],
"generation": 2.0,
"alertFilter": "alertType eq 'certificate_expire_threshold' and source eq '{{device}}'",
"displayName": "Certificate expiration",
"eventFilter": "eventType eq 'certificate_expire_date'",
"emailSubject": "Certificate Expiration Alert",
"onlyAlertOnce": true,
"aggregationType": "LATEST",
"alertDeviceType": "BIG_IQ",
"alertTimeWindow": "1d",
"eventProperties": "Certificate Partition: {{__property__cert_partition}}\n\nCertificate Name: {{__property__cert_name}}\n\nExpiration Date: {{__property__cert_expirationDateTime}}\n\nCertificate Subject: {{__property__cert_subject}}\n\nCertificate Issuer: {{__property__cert_issuer}}",
"eventTimeWindow": "1d",
"pollingInterval": "12h",
"lastUpdateMicros": 1.596016664962498E15,
"dataIsMultiValued": false,
"publishIndividualStats": true,
"statsSummaryDescription": "Device has certificates that are expiring soon",
"alertConditionExpression": "latest le 30d"
},
{
"kind": "cm:shared:event:alert-config:alertconfigurationstate",
"message": "Certificate {{__property__cert_name}} on Hostname: {{__device_hostname__}} will expire in {{latest}} days",
"maxValue": 3650.0,
"minValue": 1.0,
"selfLink": "https://localhost/mgmt/cm/shared/event/alert-config/certificate_expire_threshold_1",
"alertType": "certificate_expire_threshold_1",
"isEnabled": true,
"statsName": "health.summary.certs",
"alertLevel": "WARNING",
"dataValues": [{
"name": "device",
"path": "key",
"type": "STRING"
},
{
"name": "latest",
"path": "latest",
"type": "INT",
"threshold": "10d",
"thresholdLabel": "Days to expiration"
}
],
"generation": 2.0,
"alertFilter": "alertType eq 'certificate_expire_threshold_1' and source eq '{{device}}'",
"displayName": "Certificate expiration",
"eventFilter": "eventType eq 'certificate_expire_date'",
"emailSubject": "Certificate Expiration Alert",
"onlyAlertOnce": true,
"aggregationType": "LATEST",
"alertDeviceType": "BIG_IQ",
"alertTimeWindow": "1d",
"eventProperties": "Certificate Partition: {{__property__cert_partition}}\n\nCertificate Name: {{__property__cert_name}}\n\nExpiration Date: {{__property__cert_expirationDateTime}}\n\nCertificate Subject: {{__property__cert_subject}}\n\nCertificate Issuer: {{__property__cert_issuer}}",
"eventTimeWindow": "1d",
"pollingInterval": "12h",
"lastUpdateMicros": 1.595905469375027E15,
"dataIsMultiValued": false,
"publishIndividualStats": true,
"statsSummaryDescription": "Device has certificates that are expiring soon",
"alertConditionExpression": "latest le 10d"
}
],
"generation": 54,
"kind": "cm:shared:event:alert-config:alertconfigurationcollectionstate",
"lastUpdateMicros": 1596016664986624,
"selfLink": "https://localhost/mgmt/cm/shared/event/alert-config"
}
GET to retrieve a specific certificate expiration threshold record¶
Following is an example of a GET to retrieve a specific certificate expiration threshold record: certificate_expire_threshold .
GET https://<BIG-IQ>/mgmt/cm/shared/event/alert-config/certificate_expire_threshold
The body of the GET request can be empty.
Response¶
HTTP/1.1 200 OK
{
"alertType": "certificate_expire_threshold",
"isEnabled": true,
"eventFilter": "eventType eq 'certificate_expire_date'",
"eventTimeWindow": "1m",
"aggregationType": "LATEST",
"pollingInterval": "1m",
"dataIsMultiValued": false,
"dataValues": [{
"name": "device",
"path": "key",
"type": "STRING"
},
{
"name": "latest",
"path": "latest",
"type": "INT",
"thresholdLabel": "Days to expiration",
"threshold": "30d"
}
],
"alertConditionExpression": "latest le 30d",
"alertFilter": "alertType eq 'certificate_expire_threshold' and source eq '{{device}}'",
"alertTimeWindow": "5m",
"alertLevel": "WARNING",
"message": "Certificate {{__property__cert_name}} on Hostname: {{__device_hostname__}} will expire in {{latest}} days",
"eventProperties": "Certificate Partition: {{__property__cert_partition}}\n\nCertificate Name: {{__property__cert_name}}\n\nExpiration Date: {{__property__cert_expirationDateTime}}\n\nCertificate Subject: {{__property__cert_subject}}\n\nCertificate Issuer: {{__property__cert_issuer}}",
"emailSubject": "Certificate Expiration Alert",
"statsName": "health.summary.certs",
"statsSummaryDescription": "Device has certificates that are expiring soon",
"publishIndividualStats": true,
"alertDeviceType": "BIG_IQ",
"maxValue": 3650.0,
"minValue": 1.0,
"displayName": "Certificate expiration",
"onlyAlertOnce": true,
"generation": 6,
"lastUpdateMicros": 1594117466716434,
"kind": "cm:shared:event:alert-config:alertconfigurationstate",
"selfLink": "https://localhost/mgmt/cm/shared/event/alert-config/certificate_expire_threshold"
}
DELETE to delete a specific threshold¶
Following is an example of a DELETE to delete a specific threshold other than default.
DELETE https://<BIG-IQ>/mgmt/cm/shared/event/alert-config/certificate_expire_threshold_1
The body of the DELETE request can be empty.
Response¶
HTTP/1.1 200 OK
{
"alertType": "certificate_expire_threshold",
"isEnabled": true,
"eventFilter": "eventType eq 'certificate_expire_date'",
"eventTimeWindow": "1m",
"aggregationType": "LATEST",
"pollingInterval": "1m",
"dataIsMultiValued": false,
"dataValues": [{
"name": "device",
"path": "key",
"type": "STRING"
},
{
"name": "latest",
"path": "latest",
"type": "INT",
"thresholdLabel": "Days to expiration",
"threshold": "30d"
}
],
"alertConditionExpression": "latest le 30d",
"alertFilter": "alertType eq 'certificate_expire_threshold' and source eq '{{device}}'",
"alertTimeWindow": "5m",
"alertLevel": "WARNING",
"message": "Certificate {{__property__cert_name}} on Hostname: {{__device_hostname__}} will expire in {{latest}} days",
"eventProperties": "Certificate Partition: {{__property__cert_partition}}\n\nCertificate Name: {{__property__cert_name}}\n\nExpiration Date: {{__property__cert_expirationDateTime}}\n\nCertificate Subject: {{__property__cert_subject}}\n\nCertificate Issuer: {{__property__cert_issuer}}",
"emailSubject": "Certificate Expiration Alert",
"statsName": "health.summary.certs",
"statsSummaryDescription": "Device has certificates that are expiring soon",
"publishIndividualStats": true,
"alertDeviceType": "BIG_IQ",
"maxValue": 3650.0,
"minValue": 1.0,
"displayName": "Certificate expiration",
"onlyAlertOnce": true,
"generation": 6,
"lastUpdateMicros": 1594117466716434,
"kind": "cm:shared:event:alert-config:alertconfigurationstate",
"selfLink": "https://localhost/mgmt/cm/shared/event/alert-config/certificate_expire_threshold"
}