Set up notifications for SSL certificate expiry 编辑

As a security administrator, you can set up notifications to inform you when certificates are about to expire and to include information about which Citrix Application Delivery Controller (ADC) instances use those certificates. By enabling notifications, you can renew your SSL certificates on time.

For example, you can set an email notification to be sent an email distribution list 30 days before your certificate is due to expire.

To set up notifications from Citrix ADM:

1. In Citrix Application Delivery Management (ADM), navigate to Infrastructure > SSL Dashboard.

2. On the SSL Dashboard page, click Settings.

3. On the SSL Settings page, click the Edit icon .

4. In the Notification Settings section, specify when you want to send the notification in terms of number of days prior to the expiration date.

5. Choose the type of notification you want to send. Select the notification type and the distribution list from the drop-down menu. The notification types are as follows:

   • Email – Specify a mail server and profile details. An email is triggered when your certificates are about to expire.

   • SMS – Specify a Short Message Service (SMS) server and profile details. An SMS message is triggered when your certificates are about to expire.

   • Slack - Specify Slack profile details.

   • PagerDuty alerts - Specify a PagerDuty profile. Based on the notification settings configured in your PagerDuty portal, a notification is sent when your certificates are about to expire.

   • ServiceNow - A notification is sent to the default ServiceNow profile when your certificates are about to expire.

     Important

     Ensure Citrix Cloud ITSM Adapter is configured for ServiceNow and integrated with Citrix ADM. For more information, see Integrate Citrix ADM with ServiceNow instance.

     

6. Click Save and Exit.

Citrix ADM now sends SSL certificate expiry trap to external trap destination server when your SSL certificates are due for expiry. Citrix ADM sends a trap when the following two conditions are satisfied:

• You have configured the number of days for the certificate expire in SSL dashboard settings page.

• You have added the trap destination.

You can set trap destinations by navigating to Settings > SNMP > Trap Destinations. Type the IP address of the destination SNMP server where the traps are sent. Enter the port number and type “public” (without quotes) as the community string.