NSX Advanced Load Balancer enables users to customize when SSL certificate expiry notification is triggered. The system expects a minimum of three notification days. By default, the alerts are triggered 30 days, seven days, and one day before expiry.

Example

In this example, the Controller's properties are first viewed. The configuration is updated to two notification periods (45 days and 14 days) and saved. The revised Controller properties are viewed for confirmation.

Note:

The two dates are automatically inserted and displayed in sequence.

[admin:10-10-26-52]: > configure controller properties
Updating an existing object. Currently, the object is:

+-----------------------------------------+---------+
| Field                                   | Value   |
+-----------------------------------------+---------+
| uuid                                    | global  |
| unresponsive_se_reboot                  | 300     |
| crashed_se_reboot                       | 900     |
| se_offline_del                          | 172000  |
| vs_se_create_fail                       | 1500    |
| vs_se_vnic_fail                         | 300     |
| vs_se_bootup_fail                       | 300     |
| se_vnic_cooldown                        | 120     |
| vs_se_vnic_ip_fail                      | 120     |
| fatal_error_lease_time                  | 120     |
| upgrade_lease_time                      | 360     |
| query_host_fail                         | 180     |
| vnic_op_fail_time                       | 180     |
| dns_refresh_period                      | 60      |
| se_create_timeout                       | 900     |
| max_dead_se_in_grp                      | 1       |
| dead_se_detection_timer                 | 360     |
| api_idle_timeout                        | 15      |
| allow_unauthenticated_nodes             | False   |
| cluster_ip_gratuitous_arp_period        | 60      |
| vs_key_rotate_period                    | 60      |
| secure_channel_controller_token_timeout | 60      |
| secure_channel_se_token_timeout         | 60      |
| max_seq_vnic_failures                   | 3       |
| vs_awaiting_se_timeout                  | 60      |
| vs_apic_scaleout_timeout                | 360     |
| secure_channel_cleanup_timeout          | 60      |
| attach_ip_retry_interval                | 360     |
| attach_ip_retry_limit                   | 4       |
| persistence_key_rotate_period           | 60      |
| allow_unauthenticated_apis              | False   |
| warmstart_se_reconnect_wait_time        | 300     |
| vs_se_ping_fail                         | 60      |
| se_failover_attempt_interval            | 300     |
| max_pcap_per_tenant                     | 4       |
| ssl_certificate_expiry_warning_days[1]  | 30 days |
| ssl_certificate_expiry_warning_days[2]  | 7 days  |
| ssl_certificate_expiry_warning_days[3]  | 1 days  |
| seupgrade_fabric_pool_size              | 20      |
| seupgrade_segroup_min_dead_timeout      | 360     |
+-----------------------------------------+---------+
[admin:10-10-26-52]: controllerproperties> ssl_certificate_expiry_warning_days 45
[admin:10-10-26-52]: controllerproperties> ssl_certificate_expiry_warning_days 14
[admin:10-10-26-52]: controllerproperties> save

+-----------------------------------------+---------+
| Field                                   | Value   |
+-----------------------------------------+---------+
| uuid                                    | global  |
| unresponsive_se_reboot                  | 300     |
| crashed_se_reboot                       | 900     |
| se_offline_del                          | 172000  |
| vs_se_create_fail                       | 1500    |
| vs_se_vnic_fail                         | 300     |
| vs_se_bootup_fail                       | 300     |
| se_vnic_cooldown                        | 120     |
| vs_se_vnic_ip_fail                      | 120     |
| fatal_error_lease_time                  | 120     |
| upgrade_lease_time                      | 360     |
| query_host_fail                         | 180     |
| vnic_op_fail_time                       | 180     |
| dns_refresh_period                      | 60      |
| se_create_timeout                       | 900     |
| max_dead_se_in_grp                      | 1       |
| dead_se_detection_timer                 | 360     |
| api_idle_timeout                        | 15      |
| allow_unauthenticated_nodes             | False   |
| cluster_ip_gratuitous_arp_period        | 60      |
| vs_key_rotate_period                    | 60      |
| secure_channel_controller_token_timeout | 60      |
| secure_channel_se_token_timeout         | 60      |
| max_seq_vnic_failures                   | 3       |
| vs_awaiting_se_timeout                  | 60      |
| vs_apic_scaleout_timeout                | 360     |
| secure_channel_cleanup_timeout          | 60      |
| attach_ip_retry_interval                | 360     |
| attach_ip_retry_limit                   | 4       |
| persistence_key_rotate_period           | 60      |
| allow_unauthenticated_apis              | False   |
| warmstart_se_reconnect_wait_time        | 300     |
| vs_se_ping_fail                         | 60      |
| se_failover_attempt_interval            | 300     |
| max_pcap_per_tenant                     | 4       |
| ssl_certificate_expiry_warning_days[1]  | 45 days |
| ssl_certificate_expiry_warning_days[2]  | 30 days |
| ssl_certificate_expiry_warning_days[3]  | 14 days |
| ssl_certificate_expiry_warning_days[4]  | 7 days  |
| ssl_certificate_expiry_warning_days[5]  | 1 days  |
| seupgrade_fabric_pool_size              | 20      |
| seupgrade_segroup_min_dead_timeout      | 360     |

To remove any of the warning_days entries, execute a sequence as follows within the configure command:

[admin:10-10-26-52]: controllerproperties> no ssl_certificate_expiry_warning_days 14
[admin:10-10-26-52]: controllerproperties> no ssl_certificate_expiry_warning_days 1
[admin:10-10-26-52]: controllerproperties> save
Note:

Add as many warning_days entries as required. However, while removing them, NSX Advanced Load Balancer will reject any attempt to reduce the number of entries below three.