12.3. Setting up Specific Jobs
12.3.1. Configuring Specific Jobs Using the Certificate Manager Console
- Open the Certificate Manager Console.
pkiconsole https://server.example.com:8443/ca
- Confirm that the Jobs Scheduler is enabled. See Section 12.2, “Setting up the Job Scheduler” for more information.
- In the Configuration tab, select Job Scheduler from the navigation tree. Then select Jobs to open the Job Instance tab. Select the job instance from the list, and click. The Job Instance Editor opens, showing the current job configuration.
Figure 12.1. Job Configuration
- Select enabled to turn on the job.
- Set the configuration settings by specifying them in the fields for this dialog.
  - For certRenewalNotifier, see Section 12.3.3, “Configuration Parameters of certRenewalNotifier”.
  - For requestInQueueNotifier, see Section 12.3.4, “Configuration Parameters of requestInQueueNotifier”.
  - For publishCerts, see Section 12.3.5, “Configuration Parameters of publishCerts”.
  - For unpublishExpiredCerts, see Section 12.3.6, “Configuration Parameters of unpublishExpiredCerts”.
  - For more information about setting the cron time frequencies, see Section 12.3.7, “Frequency Settings for Automated Jobs”.
- Click.
- Click to view any changes in the main window.
- If the job is configured to send automatic messages, check that a mail server is set up correctly. See Section 11.4, “Configuring a Mail Server for Certificate System Notifications”.
- Customize the email message text and appearance.
12.3.2. Configuring Jobs by Editing the Configuration File
- Ensure that the Jobs Scheduler is enabled and configured; see Section 12.2, “Setting up the Job Scheduler”.
- Stop the CA subsystem instance.
systemctl stop pki-tomcatd@instance_name.service
- Open the CS.cfg file for that server instance in a text editor.
- Edit all of the configuration parameters for the job module being configured.
  - To configure the certRenewalNotifier job, edit all parameters that begin with jobsScheduler.job.certRenewalNotifier; see Section 12.3.3, “Configuration Parameters of certRenewalNotifier”.
  - To configure the requestInQueueNotifier job, edit all parameters that begin with jobsScheduler.job.requestInQueueNotifier; see Section 12.3.4, “Configuration Parameters of requestInQueueNotifier”.
  - To configure the publishCerts job, edit all parameters that begin with jobsScheduler.job.publishCerts; see Section 12.3.5, “Configuration Parameters of publishCerts”.
  - To configure the unpublishExpiredCerts job, edit all parameters that begin with jobsScheduler.job.unpublishExpiredCerts; see Section 12.3.6, “Configuration Parameters of unpublishExpiredCerts”.
- Save the file.
- Restart the server instance.
systemctl start pki-tomcatd@instance_name.service
- If the job will send automated messages, check that the mail server is set up correctly. See Section 11.4, “Configuring a Mail Server for Certificate System Notifications”.
- Customize the automatic job messages.
12.3.3. Configuration Parameters of certRenewalNotifier
certRenewalNotifier job, either in the CS.cfg file or in the Certificate Manager Console.
Table 12.1. certRenewalNotifier Parameters
Parameter | Description |
---|---|
enabled | Specifies whether the job is enabled or disabled. The value true enables the job; false disables it. |
cron | Sets the schedule when this job should be run. This sets the time at which the Job Scheduler daemon thread checks the certificates for sending renewal notifications. These settings must follow the conventions in Section 12.3.7, “Frequency Settings for Automated Jobs”. For example: 0 3 * * 1-5. The job in the example is run Monday through Friday at 3:00 pm. |
notifyTriggerOffset | Sets how long (in days) before the certificate expiration date the first notification will be sent. |
notifyEndOffset | Sets how long (in days) after the certificate expires that notifications will continue to be sent if the certificate is not replaced. |
senderEmail | Sets the sender of the notification messages, who will be notified of any delivery problems. |
emailSubject | Sets the text of the subject line of the notification message. |
emailTemplate | Sets the path, including the filename, to the directory that contains the template to use to create the message content. |
summary.enabled | Sets whether a summary report of renewal notifications should be compiled and sent. The value true enables sending the summary; false disables it. If enabled, set the remaining summary parameters; these are required by the server to send the summary report. |
summary.recipientEmail | Specifies the recipients of the summary message. These can be agents who need to know the status of user certificates or other users. Set more than one recipient by separating each email address with a comma. |
summary.senderEmail | Specifies the email address of the sender of the summary message. |
summary.emailSubject | Gives the subject line of the summary message. |
summary.itemTemplate | Gives the path, including the filename, to the directory that contains the template to use to create the content and format of each item to be collected for the summary report. |
summary.emailTemplate | Gives the path, including the filename, to the directory that contains the template to use to create the summary report email notification. |
12.3.4. Configuration Parameters of requestInQueueNotifier
requestInQueueNotifier job, either in the CS.cfg file or in the Certificate Manager Console.
Table 12.2. requestInQueueNotifier Parameters
Parameter | Description |
---|---|
enabled | Sets whether the job is enabled (true) or disabled (false). |
cron | Sets the time schedule for when the job should run. This is the time at which the Job Scheduler daemon thread checks the queue for pending requests. This setting must follow the conventions in Section 12.3.7, “Frequency Settings for Automated Jobs”. For example: 0 0 * * 0 |
subsystemid | Specifies the subsystem which is running the job. The only possible value is ca, for the Certificate Manager. |
summary.enabled | Specifies whether a summary of the job accomplished should be compiled and sent. The value true enables the summary reports; false disables them. If enabled, set the remaining summary parameters; these are required by the server to send the summary report. |
summary.emailSubject | Sets the subject line of the summary message. |
summary.emailTemplate | Specifies the path, including the filename, to the directory containing the template to use to create the summary report. |
summary.senderEmail | Specifies the sender of the notification message, who will be notified of any delivery problems. |
summary.recipientEmail | Specifies the recipients of the summary message. These can be agents who need to process pending requests or other users. More than one recipient can be listed by separating each email address with a comma. |
12.3.5. Configuration Parameters of publishCerts
publishCerts job, either in the CS.cfg file or in the Certificate Manager Console.
Table 12.3. publishCerts Parameters
Parameter | Description |
---|---|
enabled | Sets whether the job is enabled. The value true is enabled; false is disabled. |
cron | Sets the time schedule for when the job runs. This is the time the Job Scheduler daemon thread checks the certificates to remove expired certificates from the publishing directory. This setting must follow the conventions in Section 12.3.7, “Frequency Settings for Automated Jobs”. For example: 0 0 * * 6 |
summary.enabled | Specifies whether a summary of the certificates published by the job should be compiled and sent. The value true enables the summaries; false disables them. If enabled, set the remaining summary parameters; these are required by the server to send the summary report. |
summary.emailSubject | Gives the subject line of the summary message. |
summary.emailTemplate | Specifies the path, including the filename, to the directory containing the template to use to create the summary report. |
summary.itemTemplate | Specifies the path, including the filename, to the directory containing the template to use to create the content and format of each item collected for the summary report. |
summary.senderEmail | Specifies the sender of the summary message, who will be notified of any delivery problems. |
summary.recipientEmail | Specifies the recipients of the summary message. These can be agents who need to know the status of user certificates or other users. More than one recipient can be set by separating each email address with a comma. |
12.3.6. Configuration Parameters of unpublishExpiredCerts
unpublishExpiredCerts job, either in the CS.cfg file or in the Certificate Manager Console.
Table 12.4. unpublishExpiredCerts Parameters
Parameter | Description |
---|---|
enabled | Sets whether the job is enabled. The value true is enabled; false is disabled. |
cron | Sets the time schedule for when the job runs. This is the time the Job Scheduler daemon thread checks the certificates to remove expired certificates from the publishing directory. This setting must follow the conventions in Section 12.3.7, “Frequency Settings for Automated Jobs”. For example: 0 0 * * 6 |
summary.enabled | Specifies whether a summary of the certificates published by the job should be compiled and sent. The value true enables the summaries; false disables them. If enabled, set the remaining summary parameters; these are required by the server to send the summary report. |
summary.emailSubject | Gives the subject line of the summary message. |
summary.emailTemplate | Specifies the path, including the filename, to the directory containing the template to use to create the summary report. |
summary.itemTemplate | Specifies the path, including the filename, to the directory containing the template to use to create the content and format of each item collected for the summary report. |
summary.senderEmail | Specifies the sender of the summary message, who will be notified of any delivery problems. |
summary.recipientEmail | Specifies the recipients of the summary message. These can be agents who need to know the status of user certificates or other users. More than one recipient can be set by separating each email address with a comma. |
12.3.7. Frequency Settings for Automated Jobs
crontab entry format to specify dates and times for checking the job queue and executing jobs. As shown in Table 12.5, “Time Values for Scheduling Jobs” and Figure 12.1, “Job Configuration”, the time entry format consists of five fields. (The sixth field specified for the Unix crontab is not used by the Job Scheduler.) Values are separated by spaces or tabs.
-) to indicate an inclusive range. To specify all legal values, a field can contain an asterisk rather than an integer. Day fields can contain a comma-separated list of values. The syntax of this expression is
Minute Hour Day_of_month Month_of_year Day_of_week
Table 12.5. Time Values for Scheduling Jobs
Field | Value |
---|---|
Minute | 0-59 |
Hour | 0-23 |
Day of month | 1-31 |
Month of year | 1-12 |
Day of week | 0-6 (where 0=Sunday) |
15 * * * *
0 12 12 4 *
0 0 1,15 * 1
15 3 * * 1-5
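
A check that can be run against CS.cfg before restarting the instance in Section 12.3.2, added here as an example and not part of Certificate System: it validates each enabled job's cron value against Table 12.5 and reports empty summary parameters when summary.enabled is true. It assumes the full key is the jobsScheduler.job.<job> prefix followed by the parameter name from the tables; the function names and the sample are constructed.

```python
import re

RANGES = [(0, 59), (0, 23), (1, 31), (1, 12), (0, 6)]  # Table 12.5, in field order
PREFIX = "jobsScheduler.job."  # assumed full key: PREFIX + job + "." + table parameter
SUMMARY = ["emailSubject", "emailTemplate", "senderEmail", "recipientEmail"]  # in all four tables

def check_cron(expr):
    """Return a list of problems in a five-field Job Scheduler time entry."""
    fields = expr.split()
    if len(fields) != 5:
        return [f"expected 5 fields, got {len(fields)}"]
    problems = []
    for i, (field, (lo, hi)) in enumerate(zip(fields, RANGES)):
        if field == "*":
            continue
        if "," in field and i not in (2, 4):  # lists only in the two day fields
            problems.append(f"field {i + 1}: list not allowed: {field}")
            continue
        for part in field.split(","):  # assumption: a list item may be a range
            m = re.fullmatch(r"(\d+)(?:-(\d+))?", part)
            first, last = (int(m[1]), int(m[2] or m[1])) if m else (-1, -1)
            if not lo <= first <= last <= hi:
                problems.append(f"field {i + 1}: {part!r} not a value or range in {lo}-{hi}")
    return problems

def check_jobs(cfg_text):
    """Map each enabled job in CS.cfg-style text to its list of problems."""
    jobs = {}
    for line in cfg_text.splitlines():
        if line.startswith(PREFIX) and "=" in line:
            key, value = line[len(PREFIX):].split("=", 1)
            job, _, name = key.partition(".")
            jobs.setdefault(job, {})[name] = value.strip()
    report = {}
    for job, p in sorted(jobs.items()):
        if p.get("enabled") == "true":
            report[job] = check_cron(p.get("cron", ""))
            if p.get("summary.enabled") == "true":
                report[job] += [f"summary.{k} is empty" for k in SUMMARY if not p.get(f"summary.{k}")]
    return report

# Constructed sample, not taken from a real instance.
SAMPLE = """\
jobsScheduler.job.certRenewalNotifier.enabled=true
jobsScheduler.job.certRenewalNotifier.cron=0 3 * * 1-5
jobsScheduler.job.certRenewalNotifier.summary.enabled=true
jobsScheduler.job.publishCerts.enabled=true
jobsScheduler.job.publishCerts.cron=0 24 * * 7
"""
```

Calling check_jobs(SAMPLE) returns an empty cron result but four missing summary parameters for certRenewalNotifier, and two out-of-range fields for publishCerts.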