08-30-2019 03:30 PM
The certificate on our Aerohive VPN appliance expired yesterday. We were able to quickly replace it and get folks up and running again, but this is at least the 3rd time this has happened. Looking to know how people track the expiration of certificates so that they can replace them before they expire. Our HTTPS certificates are found by Nessus and LogicMonitor, but neither of those systems "see" the certificate on UDP 500.
09-20-2019 05:56 PM
The way we solved this in the end was to write a new test in our monitoring tool, which is LogicMonitor. This test logs into the VG-VA as a read-only user and runs "show vpn ike configuration | in After" which gives us the expiration date as a string. We turn this into a date and compare it to the current date.
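The date comparison described in the post above, as an added example that is not part of the original post and is not LogicMonitor's or Aerohive's code. The thread does not show the command's output, so the OpenSSL-style "Not After" line format, the sample line, and the `warn_days`/`crit_days` thresholds are assumptions.

```python
import re
from datetime import datetime, timezone

# Assumed line format (OpenSSL-style), e.g. "Not After : Aug 29 23:59:59 2020 GMT".
# The real VG-VA output is not shown in the thread; adjust the regex and the
# strptime format to match what your appliance prints.
AFTER_RE = re.compile(
    r"After\s*:\s*(\w{3}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2}\s+\d{4})\s*(?:GMT|UTC)?"
)

def parse_not_after(cli_output):
    """Return the expiry as an aware UTC datetime, or None if not found."""
    for line in cli_output.splitlines():
        m = AFTER_RE.search(line)
        if m:
            # Collapse padding such as "Sep  1" before parsing.
            stamp = " ".join(m.group(1).split())
            parsed = datetime.strptime(stamp, "%b %d %H:%M:%S %Y")
            return parsed.replace(tzinfo=timezone.utc)
    return None

def check_expiry(cli_output, now=None, warn_days=30, crit_days=7):
    """Return (status, days_left). Unparseable output is UNKNOWN, never OK."""
    now = now or datetime.now(timezone.utc)
    not_after = parse_not_after(cli_output)
    if not_after is None:
        # Login failure, changed CLI output, or missing cert: alert on it
        # instead of letting the check pass silently.
        return ("UNKNOWN", None)
    days_left = (not_after - now).days
    if not_after <= now:
        return ("EXPIRED", days_left)
    if days_left < crit_days:
        return ("CRITICAL", days_left)
    if days_left < warn_days:
        return ("WARNING", days_left)
    return ("OK", days_left)

# Constructed sample output, not captured from a real appliance.
SAMPLE = "    Not After : Aug 29 23:59:59 2020 GMT\n"

if __name__ == "__main__":
    print(check_expiry(SAMPLE))
```

Treating UNKNOWN as an alert condition matters here: a check that silently passes when the login or the output format breaks leaves the certificate unmonitored again.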
08-30-2019 07:33 PM
I didn't think so, but I wondered how other customers manage that expiration if there's no alerting. Maybe a calendar appt, or a ticket that opens in the future, or some other monitoring.
08-30-2019 06:41 PM
We don't have a way to alert you that a certificate is expiring via the HiveManager or the CLI. I can put in a feature request to see if we can add this functionality to a later release if you would like?