2.3 Check certificate expiration

As from version 1.5.0, you can use the APIM CLI to check whether certificates stored in API Manager for APIs will expire within a defined number of days. Our recommendation is that you run this command as a time job in your pipeline as a regular cron job.

If certificates expire, for example within the next 90 days, you will receive the following report:

apim api check-certs -s api-env -days 90
...
.....
...
Going to check certificates expiration of: 3 selected API(s) within the next 23350 days (2085-10-16 11:20).
The following certificates will expire in the next 23350 days.
+------------------+-----------+----------+----------+------------------+------------------+------------------+---------------------------------+
| API-Id           | API-Name  | API-Path | API-Ver. | Certificate-Name | Not valid after  | Not valid before | MD5-Fingerprint                 |
+------------------+-----------+----------+----------+------------------+------------------+------------------+---------------------------------+
| e95e229d-6a..... | My API... | /api/e...|      3.7 | CN=*.eu.ngrok.io | 2085-05-15 23:38 | 2085-02-14 22:38 | 3C:00:5E:8F:5F:8F:18:EE:83:.... |
+------------------+-----------+----------+----------+------------------+------------------+------------------+---------------------------------+
Done!

In addition, the CLI is terminated with the return code: 101 (Certificates found that will expire within the given number of days.), which causes the pipeline to go to error accordingly.