Last Modified: Jun 19, 2025
Affected Product(s):
BIG-IQ Applications
Known Affected Versions:
8.2.0.1
Opened: Apr 23, 2024 Severity: 3-Major
When a BIG-IP has certificates that have already expired, the BIG-IQ can send out an alert stating the certificate will expire. A message similar to the following will be seen: "Certificate my_expired_certificate.crt on Hostname: Big-IPA will expire in -120 days"
There is no negative impact on the system. Alerts will be created for the certificates that have already expired or will soon expire.
BIG-IQ has imported the configuration for a BIG-IP that contains expired certificates
This issue has a workaround, but it will not persist an upgrade until it is fixed. Run the following command to update the criteria for the certificates: restcurl -X PATCH /cm/shared/event/alert-config/certificate_expire_threshold -d '{"alertConditionExpression": "latest le 30d and latest ge 0d"}' The file /var/config/rest/default/alertConfigurations/defaultAlertConfigs.json gets read in during service startup and needs to be updated to match the above information to avoid having the value overwritten at the next restjavad restart.
None