Kemp Support, how can we help?

The latest application delivery knowledge and expertise at your fingertips.

TLS flow export - certificate management

 

Information

 

Summary:

Details about managing certificates on monitoring/listening ports when using TLS flow export.

Environment:

Product: Flowmon OS

Version: Any

Platform: Any

Question/Problem Description:

How to check certificate validity for flow export/collection in Flowmon OS?

Steps to Reproduce:  
Error Message:  
Defect Number: FLMON-3648
Enhancement Number:  
Cause:  
Resolution:

Usage of TLS flow export requires uploading the key, certificate, and CA certificate to every monitoring and listening port. 

Certificate validity is being checked on the flow exporter side when initiating a new TCP connection to the collector. When the certificates are expired, the flow export is stopped.

It is possible to check certificate validity in CLI.

On the collector:

openssl x509 -in /data/nfsen/etc/cert/<*.crt, *.pem> -text -noout

On the probe:

openssl x509 -in /etc/flowmon/cert/<*.crt, *.pem> -text -noout

Replace <*.crt, *.pem> with the certificate name. 

Workaround:  
Notes:  

Was this article helpful?
0 out of 0 found this helpful

Comments