000021311 - Automatic certificate expiry notification does not seem to work as expected

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000021311
Applies ToRSA Certificate Manager 6.7
IssueAutomatic certificate expiry notification/email does not seem to work as expected
ResolutionFollowing the guidelines listed below to configure automatic certificate expiry notifications should resolve any unexpected results:

Each jurisdiction configuration object (xuda_domain_config object) has an attribute AUTOEMAIL_NOTICELASTDELIVERYTIME that keeps track of the last scan date/time (format is YYYYMMDDHHMMSS in local time zone) when email notifications were successfully processed for that jurisdiction. This attribute is updated once at the end of each batch processed for the jurisdiction. Any issues with the SMTP server (not reachable etc), or in case criteria is not met to send out any emails, do not constitute a failure as far as the Xudad notification thread is concerned.

An ideal setting for autonotice_checktime (in xudad.conf) is to result in once a day scan (i.e., a setting of 86400 sec). Configuring it for intervals of only a few seconds (e.g., every 90 seconds) or a few days (e.g., every 604800 seconds, that is once a week) may result in apparently broken but expected behavior.

It is possible that the value set for autonotice_checktime in combination with the value for AUTOEMAIL_NOTICELASTDELIVERYTIME (in the relevant xuda_domain_config object) can result in certain notifications not emailed which may appear unexpected (but correct) behavior.
NotesIf you are using RSA Certificate Manager 6.7, ensure that you are using Build 417 or a more recent build.
Email notifications are sent to the email address(es) in EMAIL attribute of corresponding certificate object (XUDA_CERTIFICATE object) in the database.
Legacy Article IDa36979

Attachments

    Outcomes