Tracking VPN certificate expiration

fraser_hess
New Contributor

The certificate on our Aerohive VPN appliance expired yesterday. We were able to quickly replace it and get folks up and running again, but this is at least the 3rd time this has happened. Looking to know how people track the expiration of certificates so that they can replace them before they expire. Our HTTPS certificates are found by Nessus and LogicMonitor, but neither of those systems "see" the certificate on UDP 500.

3 REPLIES 3

fraser_hess
New Contributor

The way we solved this in the end was to write a new test in our monitoring tool, which is LogicMonitor. This test logs into the VG-VA as a read-only user and runs "show vpn ike configuration | in After" which gives us the expiration date as a string. We turn this into a date and compare it to the current date.
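The parse-and-compare step described in the post above, as an added example that is not part of the original post and not LogicMonitor's or Aerohive's code. It assumes the filtered CLI output contains an OpenSSL-style `Not After : <date> GMT` line (the page does not show the real format); the sample output, thresholds and function names are constructed for illustration.

```python
import re
from datetime import datetime, timezone

# Constructed sample. ASSUMPTION: the filtered CLI output carries an
# OpenSSL-style validity line; adjust NOT_AFTER_RE to what your VG-VA prints.
SAMPLE_OUTPUT = "            Not After : Jun 14 23:59:59 2025 GMT\n"

MONTHS = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()
NOT_AFTER_RE = re.compile(
    r"After\s*:\s*(" + "|".join(MONTHS) + r")\s+(\d{1,2})\s+"
    r"(\d{2}):(\d{2}):(\d{2})\s+(\d{4})\s+GMT"
)
WARN_DAYS, CRIT_DAYS = 30, 7  # hypothetical alert thresholds


def parse_not_after(cli_output):
    """Return the earliest expiry found (UTC); several certs may be listed."""
    found = [
        datetime(int(y), MONTHS.index(mon) + 1, int(d), int(h), int(m), int(s),
                 tzinfo=timezone.utc)
        for mon, d, h, m, s, y in NOT_AFTER_RE.findall(cli_output)
    ]
    if not found:
        raise ValueError("no 'Not After' line in CLI output")
    return min(found)


def check_expiry(cli_output, now=None):
    """Return (status, days_left). Unparseable output is UNKNOWN, never OK."""
    now = now or datetime.now(timezone.utc)
    try:
        days_left = (parse_not_after(cli_output) - now).days
    except ValueError:
        return "UNKNOWN", None
    if days_left < 0:
        return "EXPIRED", days_left
    if days_left <= CRIT_DAYS:
        return "CRITICAL", days_left
    if days_left <= WARN_DAYS:
        return "WARNING", days_left
    return "OK", days_left


if __name__ == "__main__":
    print(check_expiry(SAMPLE_OUTPUT))
```

Treating a failed login or a changed output format as UNKNOWN keeps the check from reporting a healthy certificate when it has stopped reading one.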

fraser_hess
New Contributor

I didn't think so, but I wondered how other customers manage that expiration if there's no alerting. Maybe a calendar appt, or a ticket that opens in the future, or some other monitoring.

samantha_lynn
Esteemed Contributor III

We don't have a way to alert you that a certificate is expiring via the HiveManager or the CLI. I can put in a feature request to see if we can add this functionality to a later release if you would like?