NSX Advanced Load Balancer enables you to customize when SSL certificate expiry notification is triggered. The system expects a minimum of three notification days. By default, the alerts are triggered 30 days, seven days, and one day before expiry.
For instance, in the below sequence:
The Controller's properties are first displayed.
Two notification periods (45 days and 14 days) are specified and saved into the configuration.
The revised Controller properties are displayed as confirmation.
Note:
The two dates are automatically inserted and displayed in sequence.
[admin:10-10-26-52]: > configure controller properties Updating an existing object. Currently, the object is: +-----------------------------------------+---------+ | Field | Value | +-----------------------------------------+---------+ | uuid | global | | unresponsive_se_reboot | 300 | | crashed_se_reboot | 900 | | se_offline_del | 172000 | | vs_se_create_fail | 1500 | | vs_se_vnic_fail | 300 | | vs_se_bootup_fail | 300 | | se_vnic_cooldown | 120 | | vs_se_vnic_ip_fail | 120 | | fatal_error_lease_time | 120 | | upgrade_lease_time | 360 | | query_host_fail | 180 | | vnic_op_fail_time | 180 | | dns_refresh_period | 60 | | se_create_timeout | 900 | | max_dead_se_in_grp | 1 | | dead_se_detection_timer | 360 | | api_idle_timeout | 15 | | allow_unauthenticated_nodes | False | | cluster_ip_gratuitous_arp_period | 60 | | vs_key_rotate_period | 60 | | secure_channel_controller_token_timeout | 60 | | secure_channel_se_token_timeout | 60 | | max_seq_vnic_failures | 3 | | vs_awaiting_se_timeout | 60 | | vs_apic_scaleout_timeout | 360 | | secure_channel_cleanup_timeout | 60 | | attach_ip_retry_interval | 360 | | attach_ip_retry_limit | 4 | | persistence_key_rotate_period | 60 | | allow_unauthenticated_apis | False | | warmstart_se_reconnect_wait_time | 300 | | vs_se_ping_fail | 60 | | se_failover_attempt_interval | 300 | | max_pcap_per_tenant | 4 | | ssl_certificate_expiry_warning_days[1] | 30 days | | ssl_certificate_expiry_warning_days[2] | 7 days | | ssl_certificate_expiry_warning_days[3] | 1 days | | seupgrade_fabric_pool_size | 20 | | seupgrade_segroup_min_dead_timeout | 360 | +-----------------------------------------+---------+
[admin:10-10-26-52]: controllerproperties> ssl_certificate_expiry_warning_days 45 [admin:10-10-26-52]: controllerproperties> ssl_certificate_expiry_warning_days 14 [admin:10-10-26-52]: controllerproperties> save +-----------------------------------------+---------+ | Field | Value | +-----------------------------------------+---------+ | uuid | global | | unresponsive_se_reboot | 300 | | crashed_se_reboot | 900 | | se_offline_del | 172000 | | vs_se_create_fail | 1500 | | vs_se_vnic_fail | 300 | | vs_se_bootup_fail | 300 | | se_vnic_cooldown | 120 | | vs_se_vnic_ip_fail | 120 | | fatal_error_lease_time | 120 | | upgrade_lease_time | 360 | | query_host_fail | 180 | | vnic_op_fail_time | 180 | | dns_refresh_period | 60 | | se_create_timeout | 900 | | max_dead_se_in_grp | 1 | | dead_se_detection_timer | 360 | | api_idle_timeout | 15 | | allow_unauthenticated_nodes | False | | cluster_ip_gratuitous_arp_period | 60 | | vs_key_rotate_period | 60 | | secure_channel_controller_token_timeout | 60 | | secure_channel_se_token_timeout | 60 | | max_seq_vnic_failures | 3 | | vs_awaiting_se_timeout | 60 | | vs_apic_scaleout_timeout | 360 | | secure_channel_cleanup_timeout | 60 | | attach_ip_retry_interval | 360 | | attach_ip_retry_limit | 4 | | persistence_key_rotate_period | 60 | | allow_unauthenticated_apis | False | | warmstart_se_reconnect_wait_time | 300 | | vs_se_ping_fail | 60 | | se_failover_attempt_interval | 300 | | max_pcap_per_tenant | 4 | | ssl_certificate_expiry_warning_days[1] | 45 days | | ssl_certificate_expiry_warning_days[2] | 30 days | | ssl_certificate_expiry_warning_days[3] | 14 days | | ssl_certificate_expiry_warning_days[4] | 7 days | | ssl_certificate_expiry_warning_days[5] | 1 days | | seupgrade_fabric_pool_size | 20 | | seupgrade_segroup_min_dead_timeout | 360 | +-----------------------------------------+---------+
To remove any of the warning_days entries, execute a sequence within the configure command. For instance,
[admin:10-10-26-52]: controllerproperties> no ssl_certificate_expiry_warning_days 14 [admin:10-10-26-52]: controllerproperties> no ssl_certificate_expiry_warning_days 1 [admin:10-10-26-52]: controllerproperties> save
Note:
Add as many warning_days entries as required. However, when removing them, NSX Advanced Load Balancer will reject any attempt to reduce the number of entries below three.
