Show Table of Contents
Chapter 12. Setting Automated Jobs
The Certificate System provides a customizable Job Scheduler that supports various mechanisms for scheduling
cronjobs. This chapter explains how to configure Certificate System to use specific job plug-in modules for accomplishing jobs.
12.1. About Automated Jobs
The Certificate Manager Console includes a Job Scheduler option that can execute specific jobs at specified times. The Job Scheduler is similar to a traditional Unix
crondaemon; it takes registered
cronjobs and executes them at a pre-configured date and time. If configured, the scheduler checks at specified intervals for jobs waiting to be executed; if the specified execution time has arrived, the scheduler initiates the job automatically.
Jobs are implemented as Java™ classes, which are then registered with Certificate System as plug-in modules. One implementation of a job module can be used to configure multiple instances of the job. Each instance must have a unique name (an alphanumeric string with no spaces) and can contain different input parameter values to apply to different jobs.
12.1.1. Setting up Automated Jobs
The automated jobs feature is set up by doing the following:
- Enabling and configuring the Job Scheduler; see Section 12.2, “Setting up the Job Scheduler” for more information.
- Enabling and configuring the job modules and setting preferences for those job modules; see Section 12.3, “Setting up Specific Jobs” for more information.
- Customizing the email notification messages sent with these jobs by changing the templates associated with the types of notification. The message contents are composed of both plain text messages and HTML messages; the appearance is modified by changing the HTML templates. See Section 11.3.1, “Customizing CA Notification Messages” for more information.
12.1.2. Types of Automated Jobs
The types of automated jobs are
UnpublishExpiredJob. One instance of each job type is created when Certificate System is deployed.
18.104.22.168. certRenewalNotifier (RenewalNotificationJob)
certRenewalNotifierjob checks for certificates that are about to expire in the internal database. When it finds one, it automatically emails the certificate's owner and continues sending email reminders for a configured period of time or until the certificate is replaced. The job collects a summary of all renewal notifications and mails the summary to the configured agents or administrators.
The job determines the email address to send the notification using an email resolver. By default, the email address is found in the certificate itself or in the certificate's associated enrollment request.
22.214.171.124. requestInQueueNotifier (RequestInQueueJob)
requestInQueueNotifierjob checks the status of the request queue at pre-configured time intervals. If any deferred enrollment requests are waiting in the queue, the job constructs an email message summarizing its findings and sends it to the specified agents.
126.96.36.199. publishCerts (PublishCertsJob)
publishCertsjob checks for any new certificates that have been added to the publishing directory that have not yet been published. When these new certificates are added, they are automatically published to an LDAP directory or file by the
Most of the time, publishers immediately publish any certificates that are created matching their rules to the appropriate publishing directory.
If a certificate is successfully published when it is created, then the
publishCertsjob will not re-publish the certificate. Therefore, the new certificate will not be listed in the job summary report, since the summary only lists certificates published by the
188.8.131.52. unpublishExpiredCerts (UnpublishExpiredJob)
Expired certificates are not automatically removed from the publishing directory. If a Certificate Manager is configured to publish certificates to an LDAP directory, over time the directory will contain expired certificates.
unpublishExpiredCertsjob checks for certificates that have expired and are still marked as
publishedin the internal database at the configured time interval. The job connects to the publishing directory and deletes those certificates; it then marks those certificates as
unpublishedin the internal database. The job collects a summary of expired certificates that it deleted and mails the summary to the agents or administrators specified by the configuration.
This job automates removing expired certificates from the directory. Expired certificates can also be removed manually; for more information on this, see Section 8.12, “Updating Certificates and CRLs in a Directory”.