Feature #7332
Provide certificate expiry warning
Status: closed
Description
Just logged into one of my HP MSM controllers and was warned about certificates that are about to expire. This would be a nice feature for pfSense, if a certificate is in use and going to expire in the next 30 days.
Updated by DRago_Angel [InV@DER] almost 5 years ago
It would be great if Certificate Manager supported an expiration notification option for each existing certificate in storage and used the existing /system_advanced_notifications.php to send an alert to the Administrator.
For example:
- global configuration: notify if certificate will expire in less than X days
- per certificate expiration notification option:
  - enable/disable notifications
  - overwrite global configuration: notify if certificate will expire in less than X days
Updated by Jim Pingle almost 5 years ago
- Status changed from New to In Progress
- Assignee set to Jim Pingle
- Target version set to 2.5.0
I do not think there will be a per-certificate setting for this (at least for now), but for starters I have added a visual indication of the expiration status to the GUI. Notifications will follow.
Updated by Jim Pingle almost 5 years ago
- Status changed from In Progress to Feedback
This is now implemented.
There is a GUI setting to enable/disable the expiration notifications, and they are on by default.
There is a GUI setting to configure the expiration threshold, the default is 30 days.
It will check once per day, and if any certificates are expiring soon (or have already expired), it will trigger a notification in the log, GUI, and e-mail (if enabled).
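Added example, not part of the ticket and not pfSense's own code: a stand-alone shell check with the same shape as the behaviour described above (threshold in days, flagging both expiring and already-expired certificates), usable from a daily cron job on systems without the built-in feature. It assumes the `openssl` CLI is installed; the function names, file paths and the `demo.invalid` subject are hypothetical.

```shell
#!/bin/sh
# Added example: classify PEM certificates against an expiry threshold.
# Assumption: the openssl CLI is available; all names here are hypothetical.
THRESHOLD_DAYS="${THRESHOLD_DAYS:-30}"   # same default as the ticket describes

# Print one of: unreadable, expired, expiring, ok
cert_status() {
    pem="$1"
    limit=$(( ${2:-$THRESHOLD_DAYS} * 86400 ))
    # A file that does not parse must not be mistaken for a healthy certificate.
    if ! openssl x509 -in "$pem" -noout >/dev/null 2>&1; then
        echo unreadable
    # -checkend N exits 0 only if the certificate is still valid N seconds from now.
    elif ! openssl x509 -in "$pem" -noout -checkend 0 >/dev/null 2>&1; then
        echo expired
    elif ! openssl x509 -in "$pem" -noout -checkend "$limit" >/dev/null 2>&1; then
        echo expiring
    else
        echo ok
    fi
}

# Print every certificate that needs attention; return 1 if any does,
# so the caller (cron, monitoring agent) can raise a log entry or e-mail.
expiry_report() {
    days="$1"; shift
    rc=0
    for cert in "$@"; do
        status=$(cert_status "$cert" "$days")
        if [ "$status" != ok ]; then
            end=$(openssl x509 -in "$cert" -noout -enddate 2>/dev/null)
            echo "$cert: $status (${end:-no readable notAfter})"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample input: a throwaway self-signed certificate valid for $2 days.
make_demo_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days "$2" -subj "/CN=demo.invalid" \
        -keyout "$1.key" -out "$1" >/dev/null 2>&1
}

# When called with file arguments, report on them using the default threshold.
if [ "$#" -gt 0 ]; then
    expiry_report "$THRESHOLD_DAYS" "$@"
fi
```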
Updated by Jim Pingle over 4 years ago
- Status changed from Feedback to Resolved
This has been working well for a while now. I've made a few short-lived certs and watched them trigger the notifications naturally after a couple days. No real downsides that I can tell, other than it being a tad annoying by notifying every day until you fix it. But seeing as that's the point, and someone can turn it off if they don't want it, I'd say it is operating as intended.
Updated by DRago_Angel [InV@DER] over 4 years ago
Ho, cool =D Thank you. Waiting 2.5 stable!
Updated by Ian Collins over 4 years ago
Hi - What version is this implemented in?
I've got a 2.4.4-RELEASE-p3 and a 2.5.1 pfSense - and I can't see any highlighting in the cert manager and don't get any emails about expiring certificates (tested email and it's working).
Thanks.
Updated by Jim Pingle over 4 years ago
It's in 2.5.0 snapshots which are still in development. There has not been a 2.5.0 release yet.
There is no 2.5.1, not sure where you saw that. Maybe you meant 2.4.5-p1? This change is not in 2.4.x.
Updated by ilmarranen alex over 3 years ago
Hi! Do you think revoked certs should not trigger an expiration notification?
Perhaps it is worth creating a new issue about it?