CS should have a configurable setting to notify users that a certificate is about to expire. The notification period should be defined by the CS admin to notify the user X seconds before a certificate expires. The email address users input when requesting certificate should be used for these notifications. Finally, these advanced notifications should be enabled/disabled on a per-profile basis.
Use case:
1) I obtain a user certificate via CLI or GUI. 90 days before that certificate expires I would receive a notification with a URL to go renew that certificate.
2) I generate a CSR and request a server certificate. Since this will be used in production, the email address I use is a team alias. 90 days before the certificate expires, the team alias email address receives a notification to renew the cert.
Current doc for this feature:
https://access.redhat.com/documentation/en-US/Red_Hat_Certificate_System/8.1/html/Admin_Guide/Setting_up_Specific_Jobs.html#Configuration_Parameters_of_certRenewalNotifier
This is great. I don't see anything about how often the notifications will repeat. Will they repeat every time the job runs (daily)? Or is it just a one time hit? What we are looking for is a repeat frequency. Something like:
The settings also appear to be global. It would be useful to be able to override settings on a per-profile level.
Thanks!
From IRC conversation of 10/20/2015: 10.3 - minor
Replying to [comment:3 bja]:
This is great. I don't see anything about how often the notifications will repeat. Will they repeat every time the job runs (daily)? Or is it just a one time hit? What we are looking for is a repeat frequency. Something like: first notification goes out at 90 days then 60 days then 30 days then 15 days then 5 days and every day until the cert expires or is renewed The settings also appear to be global. It would be useful to be able to override settings on a per-profile level. Thanks!
Yes. The certRenewalNotifier example you see in the default CS.cfg is just one instance as your example. You can create multiple instances of the same RenewalNotificationJob plugin and give it/them different config's with different instance names like certRenewalNotifier15 for 15-day notice, etc. This of course will take up more cycles than having just one job that does all the checks.
The existing job plugins are not currently tied into the profile framework.
Regarding email recipient, I think this particular default plugin only sends a summary report to the recipient list listed in the configuration instead of affected individual. But I imagine you could use this default plugin as a template and massage it to extract email info from the request record.
This is what is planned to be done for this ticket:
Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1303173
Per CS Bug/Ticket Triage held 04/19/2016: 10.4
Metadata Update from @bja: - Issue assigned to cfu - Issue set to the milestone: UNTRIAGED
Metadata Update from @mharmsen: - Custom field feature adjusted to None - Custom field proposedmilestone adjusted to None - Custom field proposedpriority adjusted to None - Custom field reviewer adjusted to None - Custom field version adjusted to None - Issue close_status updated to: None - Issue priority set to: major (was: minor) - Issue set to the milestone: FUTURE (was: UNTRIAGED)
Per 10.5.x/10.6 Triage: FUTURE
RHBZ: CLOSED UPSTREAM
Metadata Update from @mharmsen: - Custom field rhbz reset (from https://bugzilla.redhat.com/show_bug.cgi?id=1303173)
Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.
This issue has been cloned to GitHub and is available here: https://github.com/dogtagpki/pki/issues/2194
If you want to receive further updates on the issue, please navigate to the GitHub issue and click on Subscribe button.
Subscribe
Thank you for understanding, and we apologize for any inconvenience.
Metadata Update from @dmoluguw: - Issue close_status updated to: migrated - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.