Provide certificate expiry warning
Just logged into one of my HP MSM controllers and was warned about certificates that are about to expire. This would be a nice feature for pfSense, if a certificate is in use and going to expire in the next 30 days.
Add certificate lifetime to infoblock. Issue #7332
- Adds the total lifetime and lifetime remaining before expiration to
the info block
- Adds a visual indication to the infoblock and end date when the
certificate will be expiring soon, or if it has already expired.
Add settings to control certificate expiration notifications. Issue #7332
Note that the notices themselves do not yet exist. Those are still a
work in progress.
Add periodic framework to allow for daily/weekly/monthly tasks. Issue #7332
#2 Updated by DRago_Angel [InV@DER] 4 months ago
It would be great if Certificate Manager will support expiration notification option for each existing certificate in storage and use existing /system_advanced_notifications.php to send alert to Administrator.
global configuration: notify if certificate will expire in less then X days
per certificate expiration notification option:
overwrite global configuration: notify if certificate will expire in less then X days
#3 Updated by Jim Pingle 4 months ago
- Status changed from New to In Progress
- Assignee set to Jim Pingle
- Target version set to 2.5.0
I do not think there will be a per-certificate setting for this (at least for now), but for starters I have added a visual indication of the expiration status to the GUI. Notifications will follow.
#4 Updated by Jim Pingle 4 months ago
- Status changed from In Progress to Feedback
This is now implemented.
There is a GUI setting to enable/disable the expiration notifications, and they are on by default.
There is a GUI setting to configure the expiration threshold, the default is 30 days.
It will check once per day, and if any certificates are expiring soon (or have already expired), it will trigger a notification in the log, GUI, and e-mail (if enabled).
#5 Updated by Jim Pingle about 2 months ago
- Status changed from Feedback to Resolved
This has been working well for a while now. I've made a few short-lived certs and watched them trigger the notifcations naturally after a couple days. No real downsides that I can tell, other than it being a tad annoying by notifying every day until you fix it. But seeing as that's the point, and someone can turn it off if they don't want it, I'd say it is operating as intended.