Set up notifications for SSL certificate expiry

As a security administrator, you can configure notifications when the certificates are about to expire and to include information about which Citrix ADC instances use those certificates. By enabling notifications, you can renew your SSL certificates on time.

For example, you can set an email notification to be sent an email distribution list 30 days before your certificate is due to expire.

To set up notifications from Citrix ADM:

  1. In Citrix ADM, navigate to Networks > SSL Dashboard.

  2. On the SSL Dashboard page, click Settings.

  3. On the Settings page, click the General.

  4. In the Notification Settings section, specify when to send the notification in terms of number of days, prior to the expiration date.

  5. Choose the type of notification you want to send. Select the notification type and the distribution list from the menu. The notification types are as follows:

    • Email – Specify a mail server and profile details. An email is triggered when your certificates are about to expire.

    • Slack - Specify a slack profile. A notification is sent when your certificates are about to expire.

    • PagerDuty alerts - Specify a PagerDuty profile. Based on the notification settings configured in your PagerDuty portal, a notification is sent when your certificates are about to expire.

      localized image

      For more information on how to create a rule and select PagerDuty profile for notification, see Create Event Rules

  6. Click Save and Exit.

Citrix ADM now sends SSL certificate expiry trap to external trap destination server when your SSL certificates are due for expiry. Citrix ADM sends a trap when the following two conditions are satisfied:

  • You have configured the number of days for the certificate expire in SSL dashboard settings page.
  • You have added the trap destination.

You can set trap destinations by navigating to System > SNMP > Trap Destinations. Type the IP address of the destination SNMP server where the traps are sent. Enter the port number and type “public” (without quotes) as the community string.

Set up notifications for SSL certificate expiry