DataPower

  • 1.  How to mail certificate expiration notifications to different email addresses per domain?

    Posted 9 days ago

    Hello All,

    Is it possible to have a log target for certificate expiries go to different email addresses per DataPower domain?

    We have different domains defined within our DataPower, and every domain is maintained by a different team (each of which has its own mailbox). So the notification about certificate expiry within each domain should go to a different mailbox. But I can't figure out how to do that (within DataPower).

    Situation
    We have a cert monitor in the default domain and a log target with the right event subscription. Which neatly gives us a mail for every certificate in every domain in the same mailbox. That works fine. But since each domain is managed by a different team, we want each team to have information for themselves in their own mailbox on certificate expiries within their domain.

    things already tried
    - Create a log target within another domain with the same settings as the default domain log target except for a different email address. That doesn't work (probably because the log entry thrown by the cert monitor is thrown for the default domain, even though the certificate is within the other domain).
    - Create another log target within the default domain, not only with an event filter but also an object filter on the specific domain. Doesn't work (probably because of the same reason mentioned above).

    information already consulted for this (but these are generic setups for default domain which works fine)
    https://www.ibm.com/docs/en/datapower-gateway/10.6.0?topic=certificates-defining-certificate-monitor
    https://integrationtechies.wordpress.com/2017/11/16/how-to-get-an-email-notification-when-certificates-are-about-to-expire-in-datapower/

    So how to configure something within DataPower that sends mail to a specific mail address for a specific domain?

    P.S. A normal certificate expiry notification (in plain text) looks like this:
    Date:    Wed Jun 18 2025 16:21:59
    Name:    <our DP name>
    Domain:  default
    Type:    cert-monitor
    Level:   warn
    Class:   cert-monitor
    Object:  Certificate Monitor
    Ttype:   
    Tid:     447
    Client:  
    Event:   Certificate <cert_name> in domain <domain_name> expired at '2025-06-03T07:13:00Z'
    Event Code: 0x806000e1



    ------------------------------
    ST Integratie
    Dienst Uitvoering Onderwijs
    ------------------------------


  • 2.  RE: How to mail certificate expiration notifications to different email addresses per domain?

    Posted 9 days ago
    It seems to me - if just sending everything to everyone is not an option - that you may need to configure a log target that gets the information in a non-SMTP format. That log target should be an on-box policy that then has one rule for each domain/destination using a match action to filter and then sends the information out as an SMTP email to just that one address for the domain. I admit to being a bit rusty in this field, but that should be doable(?)

    Gerd Diederichs




  • 3.  RE: How to mail certificate expiration notifications to different email addresses per domain?

    Posted 4 days ago

    Interesting. 

    If I were to need this and had nothing already, I'd approach it in one of two ways.   1)  Send normal logs from the logging target to something off-box that can process it and send the emails to the correct senders.  2) Send the logs to an on-box service that can do the same (might cause some problems).



    ------------------------------
    Joseph Morgan
    CEO - Independent
    ------------------------------
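
Added example (not part of any post in this thread, and not IBM code): one way to do the off-box routing suggested in the replies, working on the plain-text notification layout shown in the first post. The mailbox map, all addresses, the sender and the certificate/domain names in the sample are hypothetical; the only event wording known from the thread is "Certificate <cert_name> in domain <domain_name> expired at ...", so the match relies only on that prefix.

```python
import re
from email.message import EmailMessage

# Hypothetical domain -> team mailbox map and catch-all (assumptions, not from the thread).
DOMAIN_MAILBOX = {"payments": "payments-team@example.org",
                  "students": "students-team@example.org"}
FALLBACK_MAILBOX = "dp-admins@example.org"

# The header carries "Domain: default" (where the cert monitor runs); the
# owning domain only appears inside the Event text, so route on that.
EVENT_RE = re.compile(r"Certificate (?P<cert>.+?) in domain (?P<domain>\S+)")

# Constructed sample in the layout shown in the first post.
SAMPLE = """\
Date:    Wed Jun 18 2025 16:21:59
Domain:  default
Type:    cert-monitor
Class:   cert-monitor
Event:   Certificate payments-tls in domain payments expired at '2025-06-03T07:13:00Z'
Event Code: 0x806000e1
"""

def parse_notification(text):
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")  # split at the first colon only
        if sep and key.strip():
            fields[key.strip()] = value.strip()
    return fields

def route(text):
    """Return (recipient, cert, domain), or None for non cert-monitor events."""
    fields = parse_notification(text)
    if fields.get("Class") != "cert-monitor":
        return None
    m = EVENT_RE.search(fields.get("Event", ""))
    if not m:  # unexpected wording: never drop it, send to the catch-all
        return (FALLBACK_MAILBOX, None, None)
    domain = m.group("domain")
    return (DOMAIN_MAILBOX.get(domain, FALLBACK_MAILBOX), m.group("cert"), domain)

def build_mail(text, sender="datapower@example.org"):
    routed = route(text)
    if routed is None:
        return None
    recipient, cert, domain = routed
    msg = EmailMessage()
    msg["From"], msg["To"] = sender, recipient
    msg["Subject"] = f"[{domain or 'unknown'}] certificate expiry: {cert or 'unparsed event'}"
    msg.set_content(text)  # forward the original notification unchanged
    return msg
```

Unknown domains and unparseable events go to the catch-all mailbox rather than being dropped, so a newly created domain still produces an expiry warning somewhere.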