Application Delivery Management

Set up notifications for SSL certificate expiry

As a security administrator, you can set up notifications to inform you when certificates are about to expire and to include information about which Citrix NetScaler instances use those certificates. By enabling notifications, you can renew your SSL certificates on time.

For example, you can set an email notification to be sent an email distribution list 30 days before your certificate is due to expire.

To set up notifications from NetScaler Console:

  1. In NetScaler Console, navigate to Infrastructure > SSL Dashboard.

  2. On the SSL Dashboard page, click Settings.

  3. On the SSL Settings page, click the Edit icon .

  4. In the Notification Settings section, specify when you want to send the notification in terms of number of days prior to the expiration date.

  5. Choose the type of notification you want to send. Select the notification type and the distribution list from the drop-down menu. The notification types are as follows:

    • Email – Specify a mail server and profile details. An email is triggered when your certificates are about to expire.

    • SMS – Specify a Short Message Service (SMS) server and profile details. An SMS message is triggered when your certificates are about to expire.

    • Slack - Specify Slack profile details.

    • PagerDuty alerts - Specify a PagerDuty profile. Based on the notification settings configured in your PagerDuty portal, a notification is sent when your certificates are about to expire.

    • ServiceNow - A notification is sent to the default ServiceNow profile when your certificates are about to expire.


      Ensure Citrix Cloud ITSM Adapter is configured for ServiceNow and integrated with NetScaler Console. For more information, see Integrate NetScaler Console with ServiceNow instance.

      Notifications for SSL certificate expiry

  6. Click Save and Exit.

NetScaler Console now sends SSL certificate expiry trap to external trap destination server when your SSL certificates are due for expiry. NetScaler Console sends a trap when the following two conditions are satisfied:

  • You have configured the number of days for the certificate expire in SSL dashboard settings page.

  • You have added the trap destination.

You can set trap destinations by navigating to Settings > SNMP > Trap Destinations. Type the IP address of the destination SNMP server where the traps are sent. Enter the port number and type “public” (without quotes) as the community string.

Set up notifications for SSL certificate expiry

In this article