Este conteúdo não está disponível no idioma selecionado.
12.2. Setting up Automated Notifications for the CA
12.2.1. Setting up Automated Notifications in the Console
- Open the Certificate Manager Console.
pkiconsole https://server.example.com:8443/ca
- Open the Configuration tab.
- Open the Certificate Manager heading in the navigation tree on the left. Then select Notification.The Notification tabs appear in the right side of the window.
- Notifications can be sent for three kinds of events: newly-issued certificates, revoked certificates, and new certificate requests. To send a notification for any event, select the tab, check the Enable checkbox, and specify information in the following fields:
- Sender's E-mail Address. Type the sender's full email address of the user who is notified of any delivery problems.
- Recipient's E-mail Address. These are the email addresses of the agents who will check the queue. To list more than one recipient, separate the email addresses with commas. For new requests in queue only.
- Subject. Type the subject title for the notification.
- Content template path. Type the path, including the filename, to the directory that contains the template to use to construct the message content.
- Click.
Note
Make sure the mail server is set up correctly. See Section 12.4, “Configuring a Mail Server for Certificate System Notifications”. - Customize the notification message templates. See Section 12.3, “Customizing Notification Messages” for more information.
- Test the configuration. See Section 12.2.3, “Testing Configuration”.
Note
pkiconsole
is being deprecated.
12.2.2. Configuring Specific Notifications by Editing the CS.cfg File
- Stop the CA subsystem.
pki-server stop instance_name
- Open the
CS.cfg
file for that instance. This file is in the instance'sconf/
directory. - Edit all of the configuration parameters for the notification type being enabled.For certificate issuing notifications, there are four parameters:
ca.notification.certIssued.emailSubject ca.notification.certIssued.emailTemplate ca.notification.certIssued.enabled ca.notification.certIssued.senderEmail
For certificate revocation notifications, there are four parameters:ca.notification.certRevoked.emailSubject ca.notification.certRevoked.emailTemplate ca.notification.certRevoked.enabled ca.notification.certRevoked.senderEmail
For certificate request notifications, there are five parameters:ca.notification.requestInQ.emailSubject ca.notification.requestInQ.emailTemplate ca.notification.requestInQ.enabled ca.notification.requestInQ.recipientEmail ca.notification.requestInQ.senderEmail
The parameters for the notification messages are explained in Section 12.2, “Setting up Automated Notifications for the CA”. - Save the file.
- Restart the CA instance.
pki-server start instance_name
- If a job has been created to send automated messages, check that the mail server is correctly configured. See Section 12.4, “Configuring a Mail Server for Certificate System Notifications”.
- The messages that are sent automatically can be customized; see Section 12.3, “Customizing Notification Messages” for more information.
12.2.3. Testing Configuration
To test whether the subsystem sends email notifications as configured, do the following:
- Change the email address in the notification configuration for the request in queue notification to an accessible agent or administrator email address.
- Open the end-entities page, and request a certificate using the agent-approved enrollment form.When the request gets queued for agent approval, a request-in-queue email notification should be sent. Check the message to see if it contains the configured information.
- Log into the agent interface, and approve the request.When the server issues a certificate, the user receive a certificate-issued email notification to the address listed in the request. Check the message to see if it has the correct information.
- Log into the agent interface, and revoke the certificate.The user email account should contain an email message reading that the certificate has been revoked. Check the message to see if it has the correct information.