If you want an alert when a certificate is expiring, you need to enable “Certificate Expiration Check” under Device> Setup> Management> General Settings.

Note: Please note that the certificate check is only for the Device Certificate of the FW and not for all the certificates present on the firewall under Device→Certificates.

( eventid eq general ) and ( description contains 'Device certificate expires in 15 or less days' )

Also, when the certificate expires you will get a critical 'crypto' syslog with

Shared certificate cert-name and corresponding key have expired.