User Certificate Renewal Configuration
Learn about custom Reminder and Expiration email notifications that can be issued when a user certificate issued in Policy Manager is nearing its expiration date or has expired.
Note: This topic relates to user certificates only. For information relating to renewal alerts and notifications for other types of certificates, see Managing Certificate Expiration.
Table of Contents
- Configuring user certificate renewal alerts: Overview
- View User Certificate Renewal Summary
- Modify Renewal Notification
Configuring user certificate renewal alerts: Overview
There are several ways that you can configure the platform to send an email notification when a user certificate is getting close to the expiration date, including:
- Configuring the platform to send a notification to a specific user email address
- Setting up an organization contact email address for notifications
- Configuring an email group and configuring the platform to send a notification to the email group
Generation of notification emails relating to upcoming (or current) certificate expiration is associated with the platform's background process, user.certs.expiration.checker.job, which is run daily at 2:15am. This job checks user certificates for expiration. The notification uses the email address and message structure configured in the Configure >Security > Certificates > User Certificate Renewal page.
If an alert is generated and it is also bound to one or more email groups, the email is also sent to the email group or groups.
View User Certificate Renewal Summary
- Log in to Policy Manager.
- Go to Configure > Certificates > User Certificate Renewal.
The User Certificate Renewal Summary page is displayed, showing the configuration of the currently defined Reminder and Expiration certificate renewal email notifications.
Modify Renewal Notification
Update the Reminder Email and Expiration Email configuration for certificates issued in Policy Manager.
- Renewal details (reminder interval, From email), and email content are customizable.
- Substitutable variables representing certificate elements can be included in the email content based on your requirements.
To modify a renewal notification
- Go to Configure >Security > Certificates > User Certificate Renewal. The User Certificate Renewal Summary page is displayed.
- Click Modify Renewal Notification. The Modify Renewal Notification page is displayed, as shown below, with the current renewal notification configuration.
- (Optional) Modify Renewal Details.
Note: You can use variables in the Subject and Body for both Reminder and Expiration email types. The variable names are enclosed in ${}s. Supported variables include:
- ${expiration.date}—Expiration date of the certificate
- ${user.fullname}—Fullname attribute of the user
- ${user.username}—Username attribute of the user
- ${certificate.subject.dn}—Subject Certificate Name of certificate
- ${certificate.issuer.dn}—Issuer Name of certificate
- Remind Users of Expiration—Use the drop-down to configure the frequency that email reminders will be sent out for both Reminder and Expiration email types. Select from:
- Never (the default)
- Once—Specify how many days prior to expiration, as shown below.
- Daily—Specify how many days prior to expiration the reminders start, as shown below.
- Weekly—Specify how many weeks prior to expiration the reminders start, as shown below.
- Generate email from the following address—Use this text field to directly enter the number of days prior to a certificates expiration that you would like an email sent.
- (Optional) Modify the Reminder Email.
- Subject—Enter a custom email subject line.
- Body—Enter the body of the email.
- Reset—Reset the email configuration back to the Policy Manager default email template.
- Optional) Modify the Expiration Email.
- Subject—Enter a custom email subject line.
- Body—Enter the body of the email.
- Reset—Reset the email configuration back to the Policy Manager default email template.
- Click Apply. Changes are saved and the User Certificate Renewal Summary page is displayed.
