Certificate Expiration Alerts
The Certificate Expiration Alert automated job notifies credential holders of approaching certificate expiration. This process will identify certificates that are expiring and send an email alert to the user to let them know of the approaching expiration.
The process of obtaining accurate certificate expiration and notifying the cardholder requires 3 different jobs. Each job provides a specific function as listed in the table below.
Job Name | CredentialHistoryReportJobManager | CredentialRenewalQueue | BatchQueue |
|---|---|---|---|
Job Purpose | Interacts with the CMS database and CMS API to retrieve the Credential Expiration data. | Reads the report produced by the Credential History Job to create a list of users that have certificates that are expiring and have been configured to receive an email that day. | Reads the report produced by the CredentialRenwalQueue and begins the process of emailing users and setting CMS application update requests. |
Recommended Frequency | Once nightly | Once afternoon | Hourly |
How the Certificate Renewal Job only emails people on certain days
Email alerts can be sent on specific days of the week. To do this, daily the credential renewal Job runs to generate the list of people that will be emailed. It then only packages the people that should be emailed that day. For example, if the credential renewal runs on a Tuesday, it will query the data sources, look at the configuration, and only package those users that have been specified to be emailed on a Tuesday.
Configuration Steps
Timing
This process is executed at a time configured by an operator. For example, the operator can configure the process to run hourly, nightly, or monthly depending on their needs.
Messaging
The alert lists the certificate serial number(s) and associated days until expiration. Optionally, the operator can send a custom message with instructions on how to update their credential.
Halting messages (When the user stops receiving alerts)
The alerts are based on the status of and expiration date of the certificate. Once the user updates their credential, the certificate status will be updated and the user will no longer receive messages if their certificate expiration dated does not wall within the configured expiration range.
Configuration Steps
Description | Example | |
|---|---|---|
| 1 | Configure an email system. | |
| 2 | Configure the certificate expiration ranges: 1-Go to Administration 2-Click Scheduling 3-Click the Renewal Settings tab, enter the date range and report source with the following format: 30-60-cms and press the enter key.  4-In the subject field, add the email subject the recipient will receive. Badge is expiring in +EXPIRATIONSUMMARY+ Days 5-In the message detail, add the instructions for the user to update their credential. Hello +FIRSTNAME+ +LASTNAME+,Your Badge is expiring in +EXPIRATIONSUMMARY+ Days. Please update your credential by visiting the link here: https://piv.cyberarmed.com/aims/enterprise/operator. ----Certificate Expiration Details+EXPIRATIONDETAILS+ |
In this example, a custom message is also being sent in the notification alert. The message can be formatted with HTML if desired. <hr><h1>Renewal Instructions</h1><p> Please visit https://piv.cyberarmed.com/aims/enterprise/user to update your certificate. </p> |
| 3 | Verify the certificates can be retrieved 1-Go to reports 2-Click certificates 3-Click the expiring certificates tab |  In this example, the certificates that are expiring in the ranges set in the step above are being returned. |
| 4 | Configure the Job Schedule 1-Go to Administration 2-Click scheduling 3-Locate the CredentialRenewalQueue Job 4-Press the Gear Icon 5-Enter the schedule and select the server host name. 6-Press update. |  In this example, the schedule of: 0 15 9 ? * * is being used. This is a standardized cron format and for this example, instructs the IDMS to run the job every morning at 9:15 am. The server host name is the server that will run the job. |
Configuring The Notification Message
When the certificate is approaching expiration, the user will be emailed a message to notify them of the expiration. This message can be customized with the instructions below. There are key terms that contain dynamic data to provide greater rationalization and certificate expiration detail.
Use the following Key words below to personalize the message.
+EXPIRATIONSUMMARY+ (The days until expiration)
+FIRSTNAME+ (The First Name)
+LASTNAME+ (The last name).
+EXPIRATIONSUMMARY+ (The certificate expiration details - contains certificate serial number, subject name, ad device ID that the certificate is loaded on to)
+USERID+ (The user ID)
+EXPIRATIONDETAILS+ (The device and certificate details)
Description | Example | |
|---|---|---|
| 1 | Go to the "Configure Recipient Message" section | |
| 2 | Within the subject field, enter the subject of the email that should be sent to the user. An example is: Your ID Badge is expiring in +EXPIRATIONSUMMARY+ Days |  |
| 3 | In the field below, enter the message that will be sent to the user. Please note the following key works can be used to further personalize the message. +EXPIRATIONSUMMARY+ (The days until expiration) A example message is: Hello +FIRSTNAME+ +LASTNAME+, Your ID badge is expiring in +EXPIRATIONSUMMARY+ Days. Please verify that your credential has been updated. Please following the instructions below to renew your certificate. ---- |  |
| 4 | Press the Update button to save the configuration |  |
| 5 | To send a test message, enter the IDMS User ID or External ID into the to field and press Send Test Message. This will send an email to the emaill address of the ID that was entered in the two field. |   |
Monitoring Job Progress
The Jobs batch processing console can be used to monitor the status.This is useful to see which user's have been emailed and if any alerts failed to be sent.
Description | Example | |
|---|---|---|
| 1 | Go to Jobs, Click Batch processing | |
| 2 | Click the Job Status Tab | |
| 3 | Locate the row the with file name Credential Renewal |  |
| 4 | Click on the row to expand the details. The row will provide the details of the user that was notified. |  |