Project

General

Profile

Actions

Feature #7332

closed

Provide certificate expiry warning

Added by Michael Newton over 4 years ago. Updated 5 months ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
Certificates
Target version:
Start date:
02/28/2017
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Default

Description

Just logged into one of my HP MSM controllers and was warned about certificates that are about to expire. This would be a nice feature for pfSense, if a certificate is in use and going to expire in the next 30 days.


Files

Screenshot 2017-02-28 14.11.09.png (60.8 KB) Screenshot 2017-02-28 14.11.09.png How HP does it Michael Newton, 02/28/2017 04:15 PM
Actions #1

Updated by Jim Pingle almost 2 years ago

See also: #9703

Actions #2

Updated by DRago_Angel [InV@DER] almost 2 years ago

It would be great if Certificate Manager will support expiration notification option for each existing certificate in storage and use existing /system_advanced_notifications.php to send alert to Administrator.
For example:
global configuration: notify if certificate will expire in less then X days
per certificate expiration notification option:

enabled\disable notifications
overwrite global configuration: notify if certificate will expire in less then X days

Actions #3

Updated by Jim Pingle almost 2 years ago

  • Status changed from New to In Progress
  • Assignee set to Jim Pingle
  • Target version set to 2.5.0

I do not think there will be a per-certificate setting for this (at least for now), but for starters I have added a visual indication of the expiration status to the GUI. Notifications will follow.

Actions #4

Updated by Jim Pingle almost 2 years ago

  • Status changed from In Progress to Feedback

This is now implemented.

There is a GUI setting to enable/disable the expiration notifications, and they are on by default.
There is a GUI setting to configure the expiration threshold, the default is 30 days.

It will check once per day, and if any certificates are expiring soon (or have already expired), it will trigger a notification in the log, GUI, and e-mail (if enabled).

Actions #5

Updated by Jim Pingle almost 2 years ago

  • Status changed from Feedback to Resolved

This has been working well for a while now. I've made a few short-lived certs and watched them trigger the notifcations naturally after a couple days. No real downsides that I can tell, other than it being a tad annoying by notifying every day until you fix it. But seeing as that's the point, and someone can turn it off if they don't want it, I'd say it is operating as intended.

Actions #6

Updated by DRago_Angel [InV@DER] over 1 year ago

Ho, cool =D Thank you. Waiting 2.5 stable!

Actions #7

Updated by Ian Collins over 1 year ago

Hi - What version is this implemented in?
I've got a 2.4.4-RELEASE-p3 and a 2.5.1 pfsense - and I can't see any highlighting in the cert manager and don't get any emails about expiring certificates (tested email and its working).

Thanks.

Actions #8

Updated by Jim Pingle over 1 year ago

It's in 2.5.0 snapshots which are still in development. There has not been a 2.5.0 release yet.

There is no 2.5.1, not sure where you saw that. Maybe you meant 2.4.5-p1? This change is not in 2.4.x.

Actions #9

Updated by ilmarranen alex 5 months ago

Hi! Do you think revoked certs should not trigger an expiration notification?
Perhaps it is worth creating a new issue about it?

Actions

Also available in: Atom PDF