Differences
This shows you the differences between two versions of the page.
tutorial:adm:modules_crt_lrt_notification [2019/11/07 14:12] doischert |
tutorial:adm:modules_crt_lrt_notification [2024/04/23 10:59] (current) cem [Auto-Generating or Revocation of Certificates] |
||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== Modules - Certificates: | + | ====== Modules - Certificates: |
In this tutorial, we will create a new scheduled task. This scheduled task will send a notification a few days before a certificate expires. | In this tutorial, we will create a new scheduled task. This scheduled task will send a notification a few days before a certificate expires. | ||
===== What do you need before you start ===== | ===== What do you need before you start ===== | ||
- | | + | |
- | * You need to be logged in as **admin** (or a user with superAdminRole). | + | |
- | * You need to enable the **Certificate** module. | + | * You need to be logged in as **admin** |
+ | * You need to enable the **Certificate** | ||
===== Create scheduled task ===== | ===== Create scheduled task ===== | ||
- | In the left menu, select **Settings** and then **Task scheduler**. And click on **Add** button. | ||
- | {{ : | + | In the left menu, select **Settings** |
- | In the popup window select **CertificateExpirationWarningOwnerTaskExecutor** and fill in how many days before a certificate expires you want to receive the notification, | + | {{ |
- | {{ :tutorial: | + | In the popup window select **CertificateExpirationWarningOwnerTaskExecutor** |
- | As you can see in the following picture, there is now new scheduled task with a parameter of 3 **days before**. In column **Action** there is a green button " | + | {{ |
- | {{ : | + | As you can see in the following picture, there is now new scheduled task with a parameter of 3 **days before**. In column **Action** |
+ | |||
+ | {{ .: | ||
Scheduled task will send a notification to the owner of the certificate when certificate would expire in 3 days. | Scheduled task will send a notification to the owner of the certificate when certificate would expire in 3 days. | ||
- | {{ : | + | {{ .: |
Congratulations, | Congratulations, | ||
===== Notification configuration ===== | ===== Notification configuration ===== | ||
- | In this part of tutorial, there are mentioned a few certificate notifications, | + | |
- | The configuration of these notifications is in the left menu **Settings**->**Configuration**. | + | In this part of tutorial, there are mentioned a few certificate notifications, |
Configured notification topics (email by default): | Configured notification topics (email by default): | ||
- | * **certificateExpiredOwner** - When a certificate is expired, notification is sent to certificate owner. | ||
- | * Can be disabled by property '' | ||
- | * **certificateExpiredAdmin** - When a certificate is expired, notification is sent to certificate admin. | ||
- | * Certificate admins are identities with role configured by property '' | ||
- | * Can be disabled by property '' | ||
- | * **certificateRevokedOwner** - When a certificate is revoked, notification is sent to certificate owner. | ||
- | * Can be disabled by property '' | ||
- | * **certificateRevokedAdmin** - When a certificate is revoked, notification is sent to certificate admin. | ||
- | * Certificate admins are identities with role configured by property '' | ||
- | * Can be disabled by property '' | ||
- | * **certificateCreatedOwner** - When a certificate is created, notification is sent to certificate owner. | ||
- | * Can be disabled by property '' | ||
- | * **certificateCreatedAdmin** - When a certificate is created, notification is sent to certificate admin. | ||
- | * Certificate admins are identities with role configured by property '' | ||
- | * Can be disabled by property '' | ||
- | * **requestApproved** - When a certificate request is approved, notification is sent to certificate owner. | ||
- | * **requestDisapproved** - When a certificate request is disapproved, | ||
- | * **certificateCreatedPasswordOwner** - notification with new password generates or filled during creating certificate. | ||
- | Each topic has a template with the same name with '' | + | * **certificateExpiredOwner** |
+ | * Can be disabled by property '' | ||
+ | * **certificateExpiredAdmin** | ||
+ | * Certificate admins are identities with role configured by property '' | ||
+ | * Can be disabled by property '' | ||
+ | * **certificateRevokedOwner** | ||
+ | * Can be disabled by property '' | ||
+ | * **certificateRevokedAdmin** | ||
+ | * Certificate admins are identities with role configured by property '' | ||
+ | * Can be disabled by property '' | ||
+ | * **certificateCreatedOwner** | ||
+ | * Can be disabled by property '' | ||
+ | * **certificateCreatedAdmin** | ||
+ | * Certificate admins are identities with role configured by property '' | ||
+ | * Can be disabled by property '' | ||
+ | * **requestApproved** | ||
+ | * **requestDisapproved** | ||
+ | * **certificateCreatedPasswordOwner** | ||
+ | Each topic has a template with the same name with '' | ||
+ | |||
+ | ===== Auto-Renewal of Certificates ===== | ||
+ | |||
+ | To enable auto-renewal of certificates before expiration, you would need to set **CertificateRenewalTaskExecutor **in (**Settings → Scheduler and Scheduled Tasks**) that triggers renewal tasks automatically in user defined times its not automatically sett. There should be a set how many days before the expiration of a certificate the renewal process should be initiated. This ensures that certificates are renewed. | ||
+ | |||
+ | Setting conditions before renewal: | ||
+ | |||
+ | User or Role Validity Checks: | ||
+ | |||
+ | When setting up the renewal process, there is an option to choose between checking the validity of a user or a role. | ||
+ | |||
+ | * If " | ||
+ | * Additionally, | ||
+ | |||
+ | Combining Conditions or no conditions: | ||
+ | |||
+ | * You can combine both role-based and user validity checks before triggering the certificate renewal process. If both of these conditions are left empty, validation will be ignored, and every certificate within the defined timeframe before expiration will be updated. | ||
+ | |||
+ | Setting example | ||
+ | |||
+ | {{.: | ||
+ | |||
+ | The task showed in this image is designed to renew certificates with 5 days or less remaining validity. Minimum value is 1 which means certificates will be updated at expiration time. **Be careful expired certificates can't be renew!** | ||
+ | |||
+ | <note important> | ||
+ | |||
+ | ===== Auto-Generating or Revocation of Certificates ===== | ||
+ | |||
+ | <note important> | ||
+ | |||
+ | To enable auto-generating or revocating of certificates, | ||
+ | === Setting example and explanation what will happen when LRT starts: === | ||
+ | |||
+ | Role - defines ownership of certificate | ||
+ | |||
+ | {{.: | ||
+ | |||
+ | LRT check conditions for each user: | ||
+ | |||
+ | User have role **Certificate** and don't have valid certificate → LRT will generate new certificate for him. | ||
+ | |||
+ | User have role **Certificate** and one or more valid certificates → nothing will be changed. | ||
+ | |||
+ | User don't have role **Certificate** and have one or more valid certificates → LRT will revoke certificate o. | ||
+ | |||
+ | User don’t have role **Certificate** and don’t have certificate → nothing will be changed | ||
+ | |||
+ | At the end of this task every user with defined role will have certificate. | ||
+ |
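Review bot: In the added "Auto-Renewal of Certificates" section, the statement that leaving both the role and user validity conditions empty means "validation will be ignored, and every certificate within the defined timeframe before expiration will be updated" is buried in a bullet and should be promoted to a highlighted note, because with that setting the task renews certificates without checking anything about their owner. In the same section, the phrase "in user defined times its not automatically sett" is hard to parse; split it into two plain sentences, one saying the task runs at the times the administrator defines and one saying what is not set automatically. The text also says the minimum value of 1 renews "at expiration time" and then warns that expired certificates cannot be renewed, so it would help to say what happens to a certificate when a scheduled run is missed at that setting. In "Auto-Generating or Revocation of Certificates", the third condition ends in "LRT will revoke certificate o." and should say whether every valid certificate of that user is revoked. The closing sentence covers only users who hold the role; add the other outcome, that users without the role end the run with their valid certificates revoked, since that is the effect an administrator most needs to know before starting the task.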