Check for Certificate Expiration

We are providing a new check to validate the certificates expiration from the SVM in the NetApp cluster. This check will send you a warning if one (or many) of the server-certificates are going to expire within a given number of days.

$ scripts/certificate -H filer -w 30 -c 10
CERTIFICATE OK - 3 server certificates found.
vserv_a - vserv_a_15C538857A9BF1EC: 229d (OK)
vserv_b - vserv_b_15C5388782DAC910: 229d (OK)
sim96cluster - sim96cluster_15C531AC49B9C240: 229d (OK) 

Please mind the missing file-extension for the certificate command above. This check is a precompiled binary with zero dependencies.

The certificate check requires the new RESTfull getter get_netapp to be run in advance with the certificate object set. This way the certificate-information is retrieved and stored locally. The REST-full getter works only for ONATP 9.6 or later!

Bottom line: The present implementation with a getter for ONTAP 9.6 or later and no getter for older ONTAP releases for the certificate object, limits the use of the certificate check to ONTAP 9.6 (or later).

Following a complete example on how to check certificate expiration:

$ scripts/get_netapp -H filer -o certificate 
Data for object 'certificate' collected within 0.263231s. Number of instances stored: 104
| 'total_duration'=0.263231415s;45;55;0;

$ scripts/certificate -H filer -w 30 -c 10
CERTIFICATE OK - 3 server certificates found.
vserv_a - vserv_a_15C538857A9BF1EC: 229d (OK)
vserv_b - vserv_b_15C5388782DAC910: 229d (OK)
sim96cluster - sim96cluster_15C531AC49B9C240: 229d (OK)

The Certificate check is part of the 5.1.0 version whose release is scheduled for February the 1st 2020. Please consider reading the release history as well.

Update

This check is now part of Check NetApp-REST and has an autogetter included. Therefore the above mentioned getter is not required anymore.