Project

General

Profile

Feature #7332

Provide certificate expiry warning

Added by Michael Newton almost 3 years ago. Updated 29 days ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
Certificates
Target version:
Start date:
02/28/2017
Due date:
% Done:

0%

Estimated time:

Description

Just logged into one of my HP MSM controllers and was warned about certificates that are about to expire. This would be a nice feature for pfSense, if a certificate is in use and going to expire in the next 30 days.

Screenshot 2017-02-28 14.11.09.png (60.8 KB) Screenshot 2017-02-28 14.11.09.png How HP does it Michael Newton, 02/28/2017 04:15 PM

Associated revisions

Revision 93f1121f (diff)
Added by Jim Pingle 4 months ago

Add certificate lifetime to infoblock. Issue #7332

  • Adds the total lifetime and lifetime remaining before expiration to
    the info block
  • Adds a visual indication to the infoblock and end date when the
    certificate will be expiring soon, or if it has already expired.

Revision 38e7b336 (diff)
Added by Jim Pingle 4 months ago

Add settings to control certificate expiration notifications. Issue #7332

Note that the notices themselves do not yet exist. Those are still a
work in progress.

Revision 4bbdd9b0 (diff)
Added by Jim Pingle 4 months ago

Add periodic framework to allow for daily/weekly/monthly tasks. Issue #7332

Revision b5d2d8d8 (diff)
Added by Jim Pingle 4 months ago

Add daily certificate expiration notice. Issue #7332

Revision e78fe74d (diff)
Added by Jim Pingle 4 months ago

Make value of cert notify setting consistent with others. Issue #7332

History

#1 Updated by Jim Pingle 4 months ago

See also: #9703

#2 Updated by DRago_Angel [InV@DER] 4 months ago

It would be great if Certificate Manager will support expiration notification option for each existing certificate in storage and use existing /system_advanced_notifications.php to send alert to Administrator.
For example:
global configuration: notify if certificate will expire in less then X days
per certificate expiration notification option:

enabled\disable notifications
overwrite global configuration: notify if certificate will expire in less then X days

#3 Updated by Jim Pingle 4 months ago

  • Status changed from New to In Progress
  • Assignee set to Jim Pingle
  • Target version set to 2.5.0

I do not think there will be a per-certificate setting for this (at least for now), but for starters I have added a visual indication of the expiration status to the GUI. Notifications will follow.

#4 Updated by Jim Pingle 4 months ago

  • Status changed from In Progress to Feedback

This is now implemented.

There is a GUI setting to enable/disable the expiration notifications, and they are on by default.
There is a GUI setting to configure the expiration threshold, the default is 30 days.

It will check once per day, and if any certificates are expiring soon (or have already expired), it will trigger a notification in the log, GUI, and e-mail (if enabled).

#5 Updated by Jim Pingle about 2 months ago

  • Status changed from Feedback to Resolved

This has been working well for a while now. I've made a few short-lived certs and watched them trigger the notifcations naturally after a couple days. No real downsides that I can tell, other than it being a tad annoying by notifying every day until you fix it. But seeing as that's the point, and someone can turn it off if they don't want it, I'd say it is operating as intended.

#6 Updated by DRago_Angel [InV@DER] 29 days ago

Ho, cool =D Thank you. Waiting 2.5 stable!

Also available in: Atom PDF