Differences

This shows you the differences between two versions of the page.

tutorial:adm:modules_crt_lrt_notification [2024/03/26 21:34]
cem
tutorial:adm:modules_crt_lrt_notification [2024/04/23 10:59] (current)
cem [Auto-Generating or Revocation of Certificates]
Line 1: Line 1:
-====== Modules - Certificates: - Scheduled tasks, notifications and automatic certificate renew ======+====== Modules - Certificates: - Scheduled tasks, notifications and automatic certificate renew, generating or revocation ======
  
 In this tutorial, we will create a new scheduled task. This scheduled task will send a notification a few days before a certificate expires. In this tutorial, we will create a new scheduled task. This scheduled task will send a notification a few days before a certificate expires.
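Review bot: The new heading ends in "automatic certificate renew, generating or revocation", which mixes a verb, a gerund and a noun, and it keeps the stray ": -" after "Certificates". Suggest nouns throughout, for example "Modules - Certificates: Scheduled tasks, notifications and automatic certificate renewal, generation or revocation".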
Line 57: Line 57:
 ===== Auto-Renewal of Certificates ===== ===== Auto-Renewal of Certificates =====
  
-To enable auto-renewal of certificates before expiration, you would need to set **CertificateRenewalTaskExecutor **in (**Settings → Scheduler and Scheduled Tasks**) that triggers renewal tasks automatically in defined times. There should be a set how many days before the expiration of a certificate the renewal process should be initiated. This ensures that certificates are renewed.+To enable auto-renewal of certificates before expiration, you would need to set **CertificateRenewalTaskExecutor **in (**Settings → Scheduler and Scheduled Tasks**) that triggers renewal tasks automatically in user defined times its not automatically sett. There should be a set how many days before the expiration of a certificate the renewal process should be initiated. This ensures that certificates are renewed.
  
 Setting conditions before renewal: Setting conditions before renewal:
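Review bot: In the added clause "in user defined times its not automatically sett", it is unclear whether "not automatically set" refers to the CertificateRenewalTaskExecutor task itself or to its schedule, and the clause runs into the previous one without punctuation. Suggest making it a separate sentence that names what the administrator has to create, for example "The task is not created automatically." if that is the intended meaning, and fixing "its" and "sett".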
Line 76: Line 76:
 {{.:crt_autorenew.png?nolink&697x545}} {{.:crt_autorenew.png?nolink&697x545}}
  
-The task showed in this image is designed to renew certificates with 5 days or less remaining validity. It checks whether the owner of the certificate holds a specific role, in this case, the role "Certificate." The user validity check is turned off.+The task showed in this image is designed to renew certificates with 5 days or less remaining validity. Minimum value is 1 which means certificates will be updated at expiration time. **Be careful expired certificates can't be renew!**  It checks whether the owner of the certificate holds a specific role, in this case, the role "Certificate." The user validity check is turned off. How to set task to be runining periodicaly or once is described above. 
 + 
 +<note important> Check results of executed renew task in **Settings → Task scheduler**  find tab **ALL TASKS**  in field Task type find **CertificateRenewalTaskExecutor**  and click magnify glass and open tab **Processed items**. There you can check which certificates was renewed. </note> 
 + 
 +===== Auto-Generating or Revocation of Certificates ===== 
 + 
 +<note important> **CrtManageCertificatesForRole **expect to have defined only one certification authority in Idm! </note> 
 + 
 +To enable auto-generating or revocating of certificates, you would need to set **CrtManageCertificatesForRole **in (**Settings ****→**** Scheduler and Scheduled Tasks**) that triggers generate or revocate tasks automatically in user defined times. This task is not automatically sett! You should choose role which defines certificate ownership. This ensures that certificates are generated or revocated. 
 +=== Setting example and explanation what will happen when LRT starts: === 
 + 
 +Role - defines ownership of certificate 
 + 
 +{{.:crt-example.png?nolink&720x397}} 
 + 
 +LRT check conditions for each user: 
 + 
 +User have role **Certificate** and don't have valid certificate → LRT will generate new certificate for him. 
 + 
 +User have role **Certificate** and one or more valid certificates → nothing will be changed. 
 + 
 +User don't have role **Certificate** and have one or more valid certificates → LRT will revoke certificate o. 
 + 
 +User don’t have role **Certificate** and don’t have certificate → nothing will be changed 
 + 
 +At the end of this task every user with defined role will have certificate.
  
  
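Review bot: The revocation rule is cut off at "LRT will revoke certificate o." and does not say whether all of the user's valid certificates are revoked or only one; this is the one destructive outcome of CrtManageCertificatesForRole and needs to be stated exactly. The closing summary, "At the end of this task every user with defined role will have certificate.", should also state the other half: users without the role who hold a valid certificate get it revoked, so selecting the wrong role in the task revokes certificates for everyone outside that role. In the renewal paragraph, "Minimum value is 1 which means certificates will be updated at expiration time" sits directly beside "expired certificates can't be renew"; please say what happens if the task does not run on that last day. The note that the task expects only one certification authority would be more useful if it said what the task does when more than one is defined.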
  • by cem