Certificate Expiration Alerts
The Certificate Expiration Alert automated job notifies credential holders of approaching certificate expiration. This process will identify certificates that are expiring and send an email alert to the user to let them know of the approaching expiration.
The process of obtaining accurate certificate expiration and notifying the cardholder requires 3 different jobs. Each job provides a specific function as listed in the table below.
Job Name | Job Description and Function | Recommended Frequency |
|---|---|---|
CredentialHistoryReportJobManager | Interacts with the CMS database and CMS API to retrieve the Credential Expiration data. | Once, nightly |
CredentialRenewalQueue | Reads the report produced by the CredentialHistory job to create a list of users that have certificates that are expiring and have been configured to receive an email that day. | Once, afternoon |
BatchQueue | Reads the report produced by the CredentialRenewalQueue and begins the process of emailing users and setting CMS application update requests. | Hourly |
How the Certificate Renewal Job only emails people on certain days
Email alerts can be sent on specific days of the week. To do this, daily the credential renewal Job runs to generate the list of people that will be emailed. It then only packages the people that should be emailed that day. For example, if the credential renewal runs on a Tuesday, it will query the data sources, look at the configuration, and only package those users that have been specified to be emailed on a Tuesday.
Configuration Steps
Timing
This process is executed at a time configured by an operator. For example, the operator can configure the process to run hourly, nightly, or monthly depending on their needs.
Messaging
The alert lists the certificate serial number(s) and associated days until expiration. Optionally, the operator can send a custom message with instructions on how to update their credential.
Halting messages (When the user stops receiving alerts)
The alerts are based on the status of and expiration date of the certificate. Once the user updates their credential, the certificate status will be updated, and the user will no longer receive messages if their certificate expiration date does not fall within the configured expiration range.
Configuration Steps
Item | Procedure | Example |
|---|---|---|
1 | Configure an email system. Follow the directions in the link to complete the setup. | |
2 | Go to Administration, select Scheduling, select the Renewal Settings tab. |  |
3 | Select the certification expiration threshold from the drop down. For example, to locate certificates expiring ‘30-60’ days from now, select the option 30 for the Range Start and 60 for the range End. |  |
4 | Select plus button Add Configuration to specify the days and time the user will be notified. |  |
3 | Configure the Subject Line. In the Subject field, add the email subject the recipient will receive. As an example: Badge is expiring in +EXPIRATIONSUMMARY+ Days |
 |
4 | Configure User Instruction Email to Update Certificate. In the message body, add the instructions for the user to update their credential. As an example: Hello +FIRSTNAME+ +LASTNAME+, your Badge is expiring in +EXPIRATIONSUMMARY+ Days. Please update your credential by visiting the link here: https://piv.cyberarmed.com/aims/enterprise/operator. ----Certificate Expiration Details +EXPIRATIONDETAILS+ Scroll to the bottom of the configuration panel and press the Update button to fully save the configuration. <hr><h1>Renewal Instructions</h1><p> Please visit https://piv.cyberarmed.com/aims/enterprise/user to update your certificate. </p> |
 |
5 | Utilize the Send Test Message button to send a sample test of the renewal message. Specify User ID to receive test email. |  |
5 | Verify the Certificates can be Retrieved. Go to Reports, click Certificates. Select the Expiring Certificates tab. Select the Refresh button to pull the latest information. In this example the certificates that are expiring in the ranges set in the earlier step are being returned. |  The certificates that are expiring in the ranges set in the earlier step are being returned.  |
6 | Configure the Job Schedule. Complete the following steps: Go to Administration, select Scheduling. Locate the CredentialRenewalQueue job. Select the Gear icon. Enter the schedule (Cron Format) and select the “Server Host Name”. This will select the time the job will run, and which server will perform the job. Press Update. |  In this example, the schedule of: 0 15 9 ? * * is being used. This is a standardized Cron format. It instructs IDMS to run the job every morning at 9:15 am. The Server Host Name is the server that will run the job. |
Configuring The Notification Message Details
When the certificate is approaching expiration, the user will be emailed a message to notify them of the expiration. This message can be customized with the instructions below. There are key terms that contain dynamic data to provide greater rationalization and certificate expiration detail.
Use the following Keywords below to personalize the message.
+EXPIRATIONSUMMARY+ (The days until expiration)
+FIRSTNAME+ (The First Name)
+LASTNAME+ (The Last Name)
+EXPIRATIONDETAILS+ (The certificate expiration details - contains certificate serial number, subject name, and device ID that the certificate is loaded on to)
+USERID+ (The User ID)
+EXPIRATIONDETAILS+ (The device and certificate details)
Item | Description | Example |
|---|---|---|
1 | Go to the "Configure Recipient Message" section | |
2 | Within the subject field, enter the subject of the email that should be sent to the user. An example is: Your ID Badge is expiring in +EXPIRATIONSUMMARY+ Days |  |
3 | In the field below, enter the message that will be sent to the user. Please note the following key works can be used to further personalize the message. +EXPIRATIONSUMMARY+ (The days until expiration) An example message is: Hello +FIRSTNAME+ +LASTNAME+, Your ID badge is expiring in +EXPIRATIONSUMMARY+ Days. Please verify that your credential has been updated. Please following the instructions below to renew your certificate. ---- |  |
4 | Press the Update button to save the configuration. |  |
5 | To send a test message, enter the IDMS User ID or External ID into the ‘to’ field and press Send Test Message. This will send an email to the email address of the ID that was entered in the ‘to’ field. |  |
Monitoring Job Progress
The Jobs batch processing console can be used to monitor the status. This is useful to see which users have been emailed and if any alerts failed to be sent.
Item | Description | Example |
|---|---|---|
1 | Go to Jobs, click Batch Processing. | |
2 | Click the Job Status tab. | |
3 | Locate the row the with File Name Credential Renewal. |  |
4 | Click on the row to expand the details. The row will provide the details of the user that was notified. |  |