11.3. Setting up Specific Jobs

Automated jobs can be configured through the Certificate Manager Console or by editing the configuration file directory. It is recommended that these changes be made through the Certificate Manager Console.

11.3.1. Configuring Specific Jobs Using the Certificate Manager Console

To enable and configure an automated job using the Certificate Manager Console:

Open the Certificate Manager Console.

pkiconsole https://server.example.com:8443/ca

Confirm that the Jobs Scheduler is enabled. See Section 11.2, “Setting up the Job Scheduler” for more information.
In the Configuration tab, select Job Scheduler from the navigation tree. Then select Jobs to open the Job Instance tab.
Select the job instance from the list, and click Edit/View.
The Job Instance Editor opens, showing the current job configuration.
Figure 11.1. Job Configuration
Select enabled to turn on the job.
Set the configuration settings by specifying them in the fields for this dialog.
- For certRenewalNotifier, see Section 11.3.3, “Configuration Parameters of certRenewalNotifier”.
- For requestInQueueNotifier, see Section 11.3.4, “Configuration Parameters of requestInQueueNotifier”.
- For publishCerts, see Section 11.3.5, “Configuration Parameters of publishCerts”.
- For unpublishExpiredCerts, see Section 11.3.6, “Configuration Parameters of unpublishExpiredCerts”.
- For more information about setting the cron time frequencies, see Section 11.3.7, “Frequency Settings for Automated Jobs”.
Click OK.
Click Refresh to view any changes in the main window.
If the job is configured to send automatic messages, check that a mail server is set up correctly. See Section 10.4, “Configuring a Mail Server for Certificate System Notifications”.
Customize the email message text and appearance.

11.3.2. Configuring Jobs by Editing the Configuration File

Ensure that the Jobs Scheduler is enabled and configured; see Section 11.2, “Setting up the Job Scheduler”.

Stop the CA subsystem instance.

systemctl stop pki-tomcatd@instance_name.service

Open the CS.cfg file for that server instance in a text editor.
Edit all of the configuration parameters for the job module being configured.
- To configure the certRenewalNotifier job, edit all parameters that begin with jobsScheduler.job.certRenewalNotifier; see Section 11.3.3, “Configuration Parameters of certRenewalNotifier”.
- To configure the requestInQueueNotifier job, edit all parameters that begin with jobsScheduler.job.requestInQueueNotifier; see Section 11.3.4, “Configuration Parameters of requestInQueueNotifier”.
- To configure the publishCerts job, edit all parameters that begin with jobsScheduler.job.publishCerts; see Section 11.3.5, “Configuration Parameters of publishCerts”.
- To configure the unpublishExpiredCerts job, edit all parameters that begin with jobsScheduler.job.unpublishExpiredCerts; see Section 11.3.6, “Configuration Parameters of unpublishExpiredCerts”.
Save the file.

Restart the server instance.

systemctl start pki-tomcatd@instance_name.service

If the job will send automated messages, check that the mail server is set up correctly. See Section 10.4, “Configuring a Mail Server for Certificate System Notifications”.
Customize the automatic job messages.

11.3.3. Configuration Parameters of certRenewalNotifier

Table 11.1, “certRenewalNotifier Parameters” gives details for each of these parameters that can be configured for the certRenewalNotifier job, either in the CS.cfg file or in the Certificate Manager Console.

Table 11.1. certRenewalNotifier Parameters

Parameter	Description
`enabled`	Specifies whether the job is enabled or disabled. The value `true` enables the job; `false` disables it.
`cron`	Sets the schedule when this job should be run. This sets the time at which the Job Scheduler daemon thread checks the certificates for sending renewal notifications. These settings must follow the conventions in Section 11.3.7, “Frequency Settings for Automated Jobs”. For example: 0 3 * * 1-5 The job in the example is run Monday through Friday at 3:00 pm.
`notifyTriggerOffset`	Sets how long (in days) before the certificate expiration date the first notification will be sent.
`notifyEndOffset`	Sets how long (in days) after the certificate expires that notifications will continue to be sent if the certificate is not replaced.
`senderEmail`	Sets the sender of the notification messages, who will be notified of any delivery problems.
`emailSubject`	Sets the text of the subject line of the notification message.
`emailTemplate`	Sets the path, including the filename, to the directory that contains the template to use to create the message content.
`summary.enabled`	Sets whether a summary report of renewal notifications should be compiled and sent. The value `true` enables sending the summary; `false` disables it. If enabled, set the remaining summary parameters; these are required by the server to send the summary report.
`summary.recipientEmail`	Specifies the recipients of the summary message. These can be agents who need to know the status of user certificates or other users. Set more than one recipient by separating each email address with a comma.
`summary.senderEmail`	Specifies the email address of the sender of the summary message.
`summary.emailSubject`	Gives the subject line of the summary message.
`summary.itemTemplate`	Gives the path, including the filename, to the directory that contains the template to use to create the content and format of each item to be collected for the summary report.
`summary.emailTemplate`	Gives the path, including the filename, to the directory that contains the template to use to create the summary report email notification.

11.3.4. Configuration Parameters of requestInQueueNotifier

Table 11.2, “requestInQueueNotifier Parameters” gives details for each of these parameters that can be configured for the requestInQueueNotifier job, either in the CS.cfg file or in the Certificate Manager Console.

Table 11.2. requestInQueueNotifier Parameters

Parameter	Description
`enabled`	Sets whether the job is enabled (`true`) or disabled (`false`).
`cron`	Sets the time schedule for when the job should run. This is the time at which the Job Scheduler daemon thread checks the queue for pending requests. This setting must follow the conventions in Section 11.3.7, “Frequency Settings for Automated Jobs”. For example: 0 0 * * 0
`subsystemid`	Specifies the subsystem which is running the job. The only possible value is `ca`, for the Certificate Manager.
`summary.enabled`	Specifies whether a summary of the job accomplished should be compiled and sent. The value `true` enables the summary reports; `false` disables them. If enabled, set the remaining summary parameters; these are required by the server to send the summary report.
`summary.emailSubject`	Sets the subject line of the summary message.
`summary.emailTemplate`	Specifies the path, including the filename, to the directory containing the template to use to create the summary report.
`summary.senderEmail`	Specifies the sender of the notification message, who will be notified of any delivery problems.
`summary.recipientEmail`	Specifies the recipients of the summary message. These can be agents who need to process pending requests or other users. More than one recipient can be listed by separating each email address with a comma.

11.3.5. Configuration Parameters of publishCerts

Table 11.3, “publishCerts Parameters” gives details for each of these parameters that can be configured for the publishCerts job, either in the CS.cfg file or in the Certificate Manager Console.

Table 11.3. publishCerts Parameters

Parameter	Description
`enabled`	Sets whether the job is enabled. The value `true` is enabled; `false` is disabled.
`cron`	Sets the time schedule for when the job runs. This is the time the Job Scheduler daemon thread checks the certificates to removing expired certificates from the publishing directory. This setting must follow the conventions in Section 11.3.7, “Frequency Settings for Automated Jobs”. For example: 0 0 * * 6
`summary.enabled`	Specifies whether a summary of the certificates removed by the job should be compiled and sent. The value `true` enables the summaries; `false` disables them. If enabled, set the remaining summary parameters; these are required by the server to send the summary report.
`summary.emailSubject`	Gives the subject line of the summary message.
`summary.emailTemplate`	Specifies the path, including the filename, to the directory containing the template to use to create the summary report.
`summary.itemTemplate`	Specifies the path, including the filename, to the directory containing the template to use to create the content and format of each item collected for the summary report.
`summary.senderEmail`	Specifies the sender of the summary message, who will be notified of any delivery problems.
`summary.recipientEmail`	Specifies the recipients of the summary message. These can be agents who need to know the status of user certificates or other users. More than one recipient can be set by separating each email address with a comma.

11.3.6. Configuration Parameters of unpublishExpiredCerts

Table 11.4, “unpublishExpiredCerts Parameters” gives details for each of these parameters that can be configured for the unpublishedExpiresCerts job, either in the CS.cfg file or in the Certificate Manager Console.

Table 11.4. unpublishExpiredCerts Parameters

Parameter	Description
`enabled`	Sets whether the job is enabled. The value `true` is enabled; `false` is disabled.
`cron`	Sets the time schedule for when the job runs. This is the time the Job Scheduler daemon thread checks the certificates to removing expired certificates from the publishing directory. This setting must follow the conventions in Section 11.3.7, “Frequency Settings for Automated Jobs”. For example: 0 0 * * 6
`summary.enabled`	Specifies whether a summary of the certificates removed by the job should be compiled and sent. The value `true` enables the summaries; `false` disables them. If enabled, set the remaining summary parameters; these are required by the server to send the summary report.
`summary.emailSubject`	Gives the subject line of the summary message.
`summary.emailTemplate`	Specifies the path, including the filename, to the directory containing the template to use to create the summary report.
`summary.itemTemplate`	Specifies the path, including the filename, to the directory containing the template to use to create the content and format of each item collected for the summary report.
`summary.senderEmail`	Specifies the sender of the summary message, who will be notified of any delivery problems.
`summary.recipientEmail`	Specifies the recipients of the summary message. These can be agents who need to know the status of user certificates or other users. More than one recipient can be set by separating each email address with a comma.

11.3.7. Frequency Settings for Automated Jobs

The Job Scheduler uses a variation of the Unix crontab entry format to specify dates and times for checking the job queue and executing jobs. As shown in Table 11.5, “Time Values for Scheduling Jobs” and Figure 11.1, “Job Configuration”, the time entry format consists of five fields. (The sixth field specified for the Unix crontab is not used by the Job Scheduler.) Values are separated by spaces or tabs.

Each field can contain either a single integer or a pair of integers separated by a hyphen (-) to indicate an inclusive range. To specify all legal values, a field can contain an asterisk rather than an integer. Day fields can contain a comma-separated list of values. The syntax of this expression is

Minute Hour Day_of_month Month_of_year Day_of_week

Table 11.5. Time Values for Scheduling Jobs

Field	Value
Minute	0-59
Hour	0-23
Day of month	1-31
Month of year	1-12
Day of week	0-6 (where 0=Sunday)

For example, the following time entry specifies every hour at 15 minutes (1:15, 2:15, 3:15, and so on):

15 * * * *

The following example sets a job to run at noon on April 12:

0 12 12 4 *

The day-of-month and day-of-week options can contain a comma-separated list of values to specify more than one day. If both day fields are specified, the specification is inclusive; that is, the day of the month is not required to fall on the day of the week to be valid. For example, the following entry specifies a job execution time of midnight on the first and fifteenth of every month and on every Monday:

0 0 1,15 * 1

To specify one day type without the other, use an asterisk in the other day field. For example, the following entry runs the job at 3:15 a.m. every weekday morning:

15 3 * * 1-5

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation

Services

Tools

Red Hat Insights

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories