Red Hat Summit이 콘텐츠는 선택한 언어로 제공되지 않습니다.
11.2. Setting up Automated Notifications for the CA
11.2.1. Setting up Automated Notifications in the Console
링크 복사링크가 클립보드에 복사되었습니다!
- Open the Certificate Manager Console.
pkiconsole https://server.example.com:8443/ca
pkiconsole https://server.example.com:8443/caCopy to Clipboard Copied! Toggle word wrap Toggle overflow - Open the Configuration tab.
- Open the Certificate Manager heading in the navigation tree on the left. Then select Notification.The Notification tabs appear in the right side of the window.
- Notifications can be sent for three kinds of events: newly-issued certificates, revoked certificates, and new certificate requests. To send a notification for any event, select the tab, check the Enable checkbox, and specify information in the following fields:
- Sender's E-mail Address. Type the sender's full email address of the user who is notified of any delivery problems.
- Recipient's E-mail Address. These are the email addresses of the agents who will check the queue. To list more than one recipient, separate the email addresses with commas. For new requests in queue only.
- Subject. Type the subject title for the notification.
- Content template path. Type the path, including the filename, to the directory that contains the template to use to construct the message content.
- Click .
Note
Make sure the mail server is set up correctly. See Section 11.4, “Configuring a Mail Server for Certificate System Notifications”. - Customize the notification message templates. See Section 11.3, “Customizing Notification Messages” for more information.
- Test the configuration. See Section 11.2.3, “Testing Configuration”.
11.2.2. Configuring Specific Notifications by Editing the CS.cfg File
링크 복사링크가 클립보드에 복사되었습니다!
- Stop the CA subsystem.
systemctl stop pki-tomcatd@instance_name.service
systemctl stop pki-tomcatd@instance_name.serviceCopy to Clipboard Copied! Toggle word wrap Toggle overflow - Open the
CS.cfgfile for that instance. This file is in the instance'sconf/directory. - Edit all of the configuration parameters for the notification type being enabled.For certificate issuing notifications, there are four parameters:
ca.notification.certIssued.emailSubject ca.notification.certIssued.emailTemplate ca.notification.certIssued.enabled ca.notification.certIssued.senderEmail
ca.notification.certIssued.emailSubject ca.notification.certIssued.emailTemplate ca.notification.certIssued.enabled ca.notification.certIssued.senderEmailCopy to Clipboard Copied! Toggle word wrap Toggle overflow For certificate revocation notifications, there are four parameters:ca.notification.certRevoked.emailSubject ca.notification.certRevoked.emailTemplate ca.notification.certRevoked.enabled ca.notification.certRevoked.senderEmail
ca.notification.certRevoked.emailSubject ca.notification.certRevoked.emailTemplate ca.notification.certRevoked.enabled ca.notification.certRevoked.senderEmailCopy to Clipboard Copied! Toggle word wrap Toggle overflow For certificate request notifications, there are five parameters:Copy to Clipboard Copied! Toggle word wrap Toggle overflow The parameters for the notification messages are explained in Section 11.2, “Setting up Automated Notifications for the CA”. - Save the file.
- Restart the CA instance.
systemctl start pki-tomcatd@instance_name.service
systemctl start pki-tomcatd@instance_name.serviceCopy to Clipboard Copied! Toggle word wrap Toggle overflow - If a job has been created to send automated messages, check that the mail server is correctly configured. See Section 11.4, “Configuring a Mail Server for Certificate System Notifications”.
- The messages that are sent automatically can be customized; see Section 11.3, “Customizing Notification Messages” for more information.
11.2.3. Testing Configuration
링크 복사링크가 클립보드에 복사되었습니다!
To test whether the subsystem sends email notifications as configured, do the following:
- Change the email address in the notification configuration for the request in queue notification to an accessible agent or administrator email address.
- Open the end-entities page, and request a certificate using the agent-approved enrollment form.When the request gets queued for agent approval, a request-in-queue email notification should be sent. Check the message to see if it contains the configured information.
- Log into the agent interface, and approve the request.When the server issues a certificate, the user receive a certificate-issued email notification to the address listed in the request. Check the message to see if it has the correct information.
- Log into the agent interface, and revoke the certificate.The user email account should contain an email message reading that the certificate has been revoked. Check the message to see if it has the correct information.
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}