Modules - Certificates: - Scheduled tasks and notifications

In this tutorial, we will create a new scheduled task. This scheduled task will send a notification when certificates will be a few days before expiring.

• You need install CzechIdM 7.7.0 (and higher).
• You need be logged in as admin.
• You need enable Certificate module.

In the left menu select Settings and then Task scheduler. And click on Add button.

In a popup window choose CertificateExpirationWarningOwnerTaskExecutor and fill in a number of days before a certificate will expire you want to receive notification, in our tutorial it is 3. (There is another scheduled task CertificateExpirationWarningAdminTaskExecutor, which is similar, just notification is sent to users with role defined in scheduled task.)

As you can see in the following picture, there is now new scheduled task with a parameter of 3 days before. In column Action there is a green button "play" and by clicking on it, the scheduled task will start. (If you want to start this task automatically, look in tutorial about triggers.)

Scheduled task will send a notification to the owner of the certificate when certificate would expire in 3 days.

Congratulations, now your certificates will never expire.

In this part of tutorial, there are mentioned a few certificate notifications, which can be easily configurated. The configuration of these notifications is in the left menu Settings→Configuration.

Configured notification topics (email by default):

• certificateExpiredOwner - When a certificate is expired, notification is sent to certificate owner.
  • Can be disabled by property idm.sec.crt.processor.certificate-expired-notification-owner-processor.enabled=false.
• certificateExpiredAdmin - When a certificate is expired, notification is sent to certificate admin.
  • Certificate admins are identities with role configured by property idm.sec.crt.processor.certificate-expired-notification-admin-processor.adminRole. When no identity is found, then notification isn't sent.
  • Can be disabled by property idm.sec.crt.processor.certificate-expired-notification-admin-processor.enabled=false.
• certificateRevokedOwner - When a certificate is revoked, notification is sent to certificate owner.
  • Can be disabled by property idm.sec.crt.processor.certificate-revoked-notification-owner-processor.enabled=false.
• certificateRevokedAdmin - When a certificate is revoked, notification is sent to certificate admin.
  • Certificate admins are identities with role configured by property idm.sec.crt.processor.certificate-revoked-notification-admin-processor.adminRole. When no identity is found, then notification isn't sent.
  • Can be disabled by property idm.sec.crt.processor.certificate-revoked-notification-admin-processor.enabled=false.
• certificateCreatedOwner - When a certificate is created, notification is sent to certificate owner.
  • Can be disabled by property idm.sec.crt.processor.certificate-created-notification-owner-processor.enabled=false.
• certificateCreatedAdmin - When a certificate is created, notification is sent to certificate admin.
  • Certificate admins are identities with role configured by property idm.sec.crt.processor.certificate-created-notification-admin-processor.adminRole. When no identity is found, then notification isn't sent.
  • Can be disabled by property idm.sec.crt.processor.certificate-created-notification-admin-processor.enabled=false.
• requestApproved - When a certificate request is approved, notification is sent to certificate owner.
• requestDisapproved - When a certificate request is disapproved, notification is sent to certificate owner.
• certificateCreatedPasswordOwner - notification with new password generates or filled during creating certificate.

Each topic has a template with the same name with Crt prefix in module resources.