This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.
Log in to ask a question

How to set up TLS/SSL Certificate Expiry alert on ApigeeX

Posted on 04-21-2023 04:39 AM
apg
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

Hi, 

I have to setup alerts for TLS keystores before they are going to expire in ApigeeX. We want to be notified, so we can prepare a release to upload it with renewed certificate. Is it possible to send such alerts in apigeeX?

@dchiesa1 

0 4 666
Topic Labels
0 Likes
4 REPLIES 4

Posted on --/--/---- --:-- AM
dchiesa1
Staff
Reply posted on --/--/---- --:-- AM

There is an existing feature request (internal ref: b/222098727) for this. 

But for now, you will have to do this yourself. This probably means, you need to set up a scheduled job , that runs nightly, and checks each keystore for certificates, and then checks the validity date for each certificate.  And if one of them is set to expire "soon", then send an alert.  And the alert can be an email, a Slack message, a message in Google Chat, a webhook, etc.

It is up to you to define "soon".  You might also want to track the alerts that were previously sent out.  So you'd need some very small state management. So that you could send an alert when the cert is set to expire in 45 days, 30 days, and 15 days, and 1 day.  But you wouldn't send an alert every day.  To build that kind of thing you'd need persistent state to track which alerts were sent, for each certificate. 

Posted on --/--/---- --:-- AM
muq_ash
Bronze 4
Bronze 4
In response to dchiesa1
Reply posted on --/--/---- --:-- AM

Hi @dchiesa1 . 
Any update on the feature? 

0 Likes

Posted on --/--/---- --:-- AM
dchiesa1
Staff
In response to muq_ash
Reply posted on --/--/---- --:-- AM

Still in the backlog, pending prioritization.  I think there's agreement that they want to build it, but they haven't scheduled the work. 

For now you can use something like the bash script at https://github.com/Matty9191/ssl-cert-check 

The way I did it was to set a cron job like this: 

03 03 * * * /bin/bash /Users/me/bin/ssl-cert-check -s www.my-site.net -p 443 -a -e admin-to-notify@example.com -q

There are lots of TLS certificate checker tools out there, though.  

Posted on --/--/---- --:-- AM
dchiesa1
Staff
In response to muq_ash
Reply posted on --/--/---- --:-- AM

Another update.  

This still has not been prioritized out of the backlog. 

You can try the following.  It uses Google Cloud Application Integration to perform the checks. 

https://github.com/DinoChiesa/AppInt-Apigee-Cert-Expiry-Checker

Top Solution Authors
View all