Use the custom notifications feature in DigiCert® Trust Lifecycle Manager to send out email alerts when certificates on a connected F5 appliance are set to expire.
From the Trust Lifecycle Manager main menu, select Policies > Notifications.
The table includes all current notification types you can enable. To see notification types related to certificate expiration, open the filter icon next to the Category column header and select the Certificate lifecycle category.
In the table, note the following default notification types for tracking expiration of discovered certificates:
Discovered certificate expired: Send email alerts when certificates have expired.
Discovered certificate expiring: Send email alerts in regular intervals when certificates are approaching expiration, starting up to 120 days in advance.
Let op
By default, these notifications track all discovered certificates and get sent to all users in your Trust Lifecycle Manager account. To create custom notifications for specific certificates or users, you clone the default notification type and use it to configure your custom email alert settings.
Hover the name of the default Discovered certificate expiring notification and select the copy icon next to it to Clone notification.
In the Create custom notification form, use the following fields to configure custom email alerts for the expiring certificates:
Notification name: Assign a friendly name to identify this notification type in Trust Lifecycle Manager.
Additional criteria (optional): Apply one or more filters to match certificates to include in this notification.
Select a certificate property to match in the dropdown on the left.
Select an operator for how to match that certificate property using the dropdown on the right.
Enter the value to match using the input box below the dropdowns.
Use the And or Or buttons to apply additional filters.
Notice windows: Select one or more time range windows for when to send out email alerts about expiring certificates. Alerts can be sent out in predefined windows from
120 daysin advance up to the date of expiration (Today).Recipients: Select one or more recipients who should receive the email alerts.
To send to all users in your Trust Lifecycle Manager account, select All users. This is the default selection.
To send to individuals, use the checkboxes to select the specific account users to send the email alerts to.
Delivery option: Select whether to send digest or individual emails.
Digest emails: Sends out a single daily email that collects all matching certificates that are set to expire.
Individual emails: Sends out a separate email for each individual matching certificate that is set to expire.
Email template (Optional): Make selections here if you want to customize the subject line or body of email alerts for this notification.
Subject: The text of the email subject line, including any variables. When an email gets sent, Trust Lifecycle Manager fills in any variables with their applicable values.
Body variable: Select variables to use in the email subject line or body to help identify the applicable certificates and users. When you select a variable here, Trust Lifecycle Manager adds it at the top of the Body field in the required format. You can then move the variable to the desired location in the subject line or email body. Repeat this process to include additional variables in the email template.
Body: The text of the email body, including any variables. When an email gets sent, Trust Lifecycle Manager fills in any variables with their applicable values.
Select the Create button at bottom to save the custom notification with the configured settings.
To automate renewal of certificates on the F5 appliance, you need to create certificate automation profiles in Trust Lifecycle Manager. You will use these profiles to request, manage, and deploy certificates on the F5 appliance using the Trust Lifecycle Manager web console or API.