Complete Contents
About This Guide
PART 1: Netscape Certificate Management System
Chapter 1: Introduction to Certificate Management System
Chapter 2: Administration Tasks and Tool
Chapter 3: Configuration
PART 2: Managing Certificate Management System
Chapter 4: Installing and Uninstalling CMS Instances
Chapter 5: Starting and Stopping CMS Instances
PART 3: System-Level Configuration
Chapter 6: Configuring Ports, Database, and SMTP Settings
Chapter 7: Managing Privileged Users and Groups
Chapter 8: Keys and Certificates
PART 4: Authentication
Chapter 9: Introduction to Authentication
Chapter 10: Authentication Modules for End-Entity Enrollment
Chapter 11: Using the PIN Generator Tool
Chapter 12: Configuring Authentication for End Users
Chapter 13: Developing Custom Authentication Modules
PART 5: Job Scheduling and Notification
Chapter 14: Introduction to Job Scheduling and Notifications
Chapter 15: Configuring Schedulable Jobs
PART 6: Policies
Chapter 16: Introduction to Policy
Chapter 17: Constraints-Specific Policy Modules
Chapter 18: Extension-Specific Policy Modules
Chapter 19: Configuring a Subsystem's Policies
PART 7: Publishing
Chapter 20: Introduction to Publishing Certificates and CRLs
Chapter 21: Modules for Publishing Certificates and CRLs
Chapter 22: Configuring a Certificate Manager for Publishing
PART 8: Agent and End-Entity Interfaces
Chapter 23: Introduction to End-Entity and Agent Interfaces
Chapter 24: Customizing End-Entity and Agent Interfaces
PART 9: Logs
Chapter 25: Introduction to Logs
Chapter 26: Managing Logs
PART 10: Issuance and Management of End-Entity Certificates
Chapter 27: Issuing and Managing End-Entity Certificates
Chapter 28: Recovering Encrypted Data
PART 11: Appendixes
Appendix A: Distinguished Names
Appendix B: Backing Up and Restoring Data
Appendix C: Command-Line Utilities
Appendix D: Certificate Database Tool
Appendix E: Key Database Tool
Appendix F: Netscape Signing Tool
Appendix G: SSL Strength Tool
Appendix H: SSL Debugging Tool
Netscape Certificate Management System Administrator's Guide: Configuring Schedulable Jobs
Previous Next Contents Index Bookshelf


Chapter 15 Configuring Schedulable Jobs

Netscape Certificate Management System (CMS) provides a customizable Job Scheduler component that supports various mechanisms for scheduling cron jobs. This chapter explains how to configure Certificate Management System to use specific job plug-in modules for accomplishing jobs. The chapter also shows how plug-in implementations and configured instances for various job items appear in the configuration file.

Before reading this chapter, you should have read the chapter "Introduction to Job Scheduling and Notifications". In particular, you should be familiar with the various job plug-in modules that come with Certificate Management System. If you are not, see "Overview of Job Plug-in Modules".

The chapter has the following sections:


Job Management
You can manage jobs in two ways:

The recommended method is to use the CMS window.

Job Management From the CMS Window

Figure 15.1 shows the CMS window, which provides the required user interface to support job management.

Figure 15.1 Job Scheduler information in the CMS window

In the CMS window you will find a single Job Scheduler object, within which is another object identified as Jobs. The Jobs object represents the job plug-in implementations and instances currently recognized by this instance of Certificate Management System; the Job Scheduler object represents the schedule for the configured jobs.

From the CMS window you can accomplish the following operations:

The sections that follow describe the parts of the window from which you carry out these operations.

Job Instance Tab

The Job Instance tab lists jobs that are currently scheduled for the server, so that you can manage them at a single place. From this tab you can perform the following operations:

Add. The add operation shows a list of registered job plug-in modules from which you can select the one you want to configure. When you save the changes, Certificate Management System creates the instance and displays it in the list of jobs. For instructions, see "Step 4. Add New Jobs".

Delete. The delete operation allows you to remove unwanted jobs from the CMS configuration. For instructions, see "Step 3. Delete Unwanted Jobs".

Edit/View. The edit operation allows you to view and modify configuration parameter values of currently configured jobs. For instructions, see "Step 2. Modify Existing Jobs".

Job Plugin Registration Tab

The Job Plugin Registration tab lists the currently registered job plug-in modules for the selected CMS instance and gives you access to the window from which you can register new modules. On this tab you will find the names of registered modules listed on the left and the path to the Java class that implements the module listed on the right.

You can perform the following operations from this tab:

Register. This operation allows you to register a new job module. When you save the changes, Certificate Management System loads the plug-in module implementation for the job and displays it in the list of currently registered plug-in modules. For instructions, see "Registering a Job Module".

Delete. This operation allows you to remove unwanted job modules from the CMS framework. For instructions, see "Deleting a Job Module".

Job Scheduler Parameters in the Configuration File

The sample configuration file shown on page 101 shows how Job Scheduler-specific information appears in the configuration file. Keep the following points in mind:

To change the configuration by editing the configuration file, follow the instructions in "Changing the Configuration by Editing the Configuration File".


Scheduling Automated Jobs
You can configure the Certificate Manager and Registration Manager to run automated jobs, that is execute specific jobs at specified times. This section explains how to configure a subsystem to evaluate end-entity requests based on a set of policy rules. The steps are as follows:

This section explains how to use the CMS window to perform the following operations:

For information on adding or changing job-specific information in the configuration file, see "Job Scheduler Parameters in the Configuration File".

Step 1. Plan

Before configuring a Certificate Manager or Registration Manager to run jobs, be sure to do the following:

  • Read "Overview of Job Plug-in Modules", and determine the jobs you want the server to run. Jobs that you might want to schedule include email notifications of timed events (such as the expiration of a certificate) that require action on the part of users, and periodic activities such as removing expired certificates from the publishing directory.
  • Read "Customizing Notification Messages" to get familiar with the templates the server uses for formulating notification messages. If you want to customize them, determine the tokens you want to use.
Step 2. Modify Existing Jobs

Modifying a job involves changing the configuration parameter values of the job instance; you cannot change the name of a job. To change the name of a job, create a new job using the same job plug-in module (that you used to create the job you want to rename) with the same parameter values, and delete the old one.

As a part of modifying a job, you can change its status from enabled to disabled or vice versa by checking or unchecking the enable parameter. A subsystem executes only those jobs that are enabled.

During installation, the Certificate Manager and Registration Manager automatically create a set of jobs (that you would most likely want to use) using the job plug-in modules registered by default. Figure 15.2 shows the jobs created for a Certificate Manager. The Registration Manager also has a similar list. Table 15.1 summarizes the default jobs created for both Certificate Manager and Registration Manager.

After installation, you must verify whether you want to use these jobs, check how these jobs are configured, and make the appropriate configuration changes. If you don't want to use a job, delete it from the configuration following the instructions in "Step 3. Delete Unwanted Jobs"; alternatively, you may keep it in the disabled state. If you want to create a new job, follow the instructions in "Step 4. Add New Jobs".

Figure 15.2 Default jobs created for a Certificate Manager

Table 15.1 Default jobs created for a Certificate Manager and Registration Manager

Job name
Created for Certificate Manager
Created for Registration Manager
certRenewalNotifier
See "Certificate Renewal Notifications".

Yes
Yes
requestInQueueNotifier
See "Notification of Request Queue Status".

Yes
Yes
unpublishExpiredCerts
See "Directory Update and Notification".
Yes
No

To modify a configured job in the CMS configuration:

  1. Log in to the CMS window (see "Logging In to the CMS Window").
  2. Select the Configuration tab.
  3. In the navigation tree, select Job Scheduler, then select Jobs.
  4. The Job Instance tab appears (Figure 15.2). The default jobs are listed in Table 15.1.

  5. In the Instance Name list, select a job that you want to modify.
  6. For the purposes of this instruction, assume that you selected the job named unpublishExpiredCerts.

  7. Click Edit/View.
  8. The Job Instance Editor window appears, showing how this job is currently configured. An example is shown below.

  9. Make the necessary changes and click OK.
  10. Repeat steps 4 through 6 for the remaining jobs.
  11. Click Refresh.
Step 3. Delete Unwanted Jobs

You can delete unwanted jobs from the CMS configuration, by using the CMS window. If you think you might need a job in the future, instead of deleting it from the configuration you should disable it by setting the enable parameter value to false. In this way, you can avoid re-creating the job in the future. Because Certificate Management System executes only those jobs that are currently enabled, keeping unwanted jobs in a disabled state in the configuration does not affect the server's functioning.

To delete a job from the CMS configuration:

  1. In the Job Instance tab, select the job you want to delete and click Delete.
  2. When prompted, confirm the delete action.
  3. The CMS configuration is modified. If the changes you made require you to restart the server, you will be prompted accordingly. Don't restart the server yet; you can do so after you've made all the required changes.

Step 4. Add New Jobs

Adding a job to the CMS configuration involves creating a new instance of an already registered plug-in module, assigning a unique name (an alphanumeric string with no spaces) for the instance, and entering appropriate values for the parameters that define the plug-in module you want to create an instance of. When you add a job, the CMS configuration is updated with the appropriate information.

When naming a job, be sure to formulate the name using any combination of letters (aA to zZ), digits (0 to 9), an underscore (_), and a hyphen (-); other characters and spaces are not allowed. For example, you can type My_Job or MyJob as the instance name, but not My Job.

Figure 15.3 shows the job modules registered with a Certificate Manager. The Registration Manager also has a similar list. Table 15.2 summarizes the default modules registered with both Certificate Manager and Registration Manager. If you have registered any custom job modules (see "Registering a Job Module"), they too will be available for selection.

Figure 15.3 Default job modules registered with a Certificate Manager

Table 15.2 Job modules registered with a Certificate Manager and Registration Manager

Job plug-in module name and description
Provided with Certificate Manager
Provided with Registration Manager
RenewalNotificationJob
For details, see "Certificate Renewal Notifications".
Yes
Yes
RequestInQueueJob
For details, see "Notification of Request Queue Status".
Yes
Yes
UnpublishExpiredJob
For details, see "Directory Update and Notification".
Yes
No

To add a job to the CMS configuration:

  1. In the Job Instance tab, click Add.
  2. The Select Job Plugin Implementation window appears. It lists the currently registered job modules. The default modules are listed in Table 15.2.

  3. Select a module.
  4. For the purposes of this instruction, assume that you selected the RenewalNotificationJob module.

  5. Click Next.
  6. The Configure Job Instance Parameters window appears. It lists the configuration information required for this job.

  7. Enter the appropriate information.
  8. Job Instance ID. Type a unique name that will help you identify the job. Be sure to formulate the name using any combination of letters (aA to zZ), digits (0 to 9), an underscore (_), and a hyphen (-). For example, you can type My_Job or MyJob as the instance name, but not My Job.

    enabled. To enable the job, type true; to disable the job, type false.

    cron. Specifies the cron specification for when this job should be run. In other words, it specifies the time at which the Job Scheduler daemon thread should check the certificates for sending renewal notifications. For example, 03**1-5. Be sure to follow the convention specified in "Schedule for Executing Jobs"

    notifyTriggerOffset. Type the number of days before certificate expiration the first notification should be sent. For example, if you want the server to send renewal notifications to users 30 days before their certificates expire, type 30.

    notifyEndOffset. Type the number of days after the certificate expire notifications will continue to be sent, if the certificate is not renewed. For example, if you want the server to continue sending renewal notifications to users (if they don't renew their certificates) 30 days after their certificates expire, type 30.

    senderEmail. Type the complete email address to which the server should send notifications regarding any delivery problems. For example, CertCentral@siroe.com.

    emailSubject. Type the subject line of the notification message; the subject line must be an alphanumeric string of up to 255 characters. For example, Certificate Renewal Notification.

    emailTemplate. Type the path, including the filename, to the directory that contains the template to be used for formulating the message content. For example: C:/Netscape/Server4/cert-testCA/emails/renewJob.txt.

    summary.enabled. Type true if you want the server to compile a summary report of renewal notifications and send. Type false if you don't want the server to compile a summary report of renewal notifications.

    summary.recipientEmail. Type the email addresses of recipients of the summary report; when specifying multiple recipients, separate addresses by commas. These can be, for example, agents who need to know the status of user certificates. For example, ca_agent1@siroe.com, ca_agent2@siroe.com.

    summary.senderEmail. Type the full email address of the sender (of the summary message); in case of a delivery problem, the server will send a notification to this address. For example, CAadmin@siroe.com.

    summary.emailSubject. Type the subject line of the summary message; the subject line must be an alphanumeric string of up to 255 characters. For example, Certificate Renewal Notification Summary.

    summary.itemTemplate. Type the path, including the filename, to the directory that contains the template to be used for formulating the content and format of each item to be collected for the summary report (see the summary.emailTemplate parameter below). For example, C:/Netscape/Server4/cert-testCA/emails/renewJobItem.txt. For more information, see For details, see "Customizing Notification Messages".

    summary.emailTemplate. Type the path, including the filename, to the directory that contains the template to be used for formulating the summary report. For example, C:/Netscape/Server4/cert-testCA/emails/renewJobSummary.txt. For more information, see "Customizing Notification Messages".

  9. Click OK.
  10. You are returned to the Policy Rules Management tab.

  11. Repeat steps 1 through 5 and create additional rules, if required.
Step 5. Schedule the Frequency

The Certificate Manager and Registration Manager can execute a job only if the Job Scheduler is turned on (or enabled). As a part of turning the Job Scheduler on, you also specify the frequency at which the Job Scheduler daemon should check if any of the configured jobs need to be executed.

To schedule the interval for executing the job:

  1. In the navigation tree, click Job Scheduler.
  2. The General Settings tab appears. It shows whether the Job Scheduler component is currently enabled or disabled.

  3. Enter information as appropriate:
  4. Enable Job Scheduler. Check this option to enable the Job Scheduler. To disable the Job Scheduler uncheck the option; disabling turns off all the jobs.

    Check Frequency. Type the frequency at which the Job Scheduler daemon thread should wake up and call the configured jobs that meet the cron specification (see "Schedule for Executing Jobs"). By default, it is set to one minute.

  5. To save your changes, click Save.
  6. The CMS configuration is modified. If the changes you made require you to restart the server, you will be prompted accordingly. In that case, restart the server.

Step 6. Customize Message Templates

Each job uses templates for formulating the notification-message and summary-message contents. Make sure to customize the appropriate templates to suit your organization's requirements. For details on default templates, see "Customizing Notification Messages".

Step 7. Verify Mail Server Settings

The Certificate Manager and Registration Manager use the mail server specified in the SMTP tab (of the CMS window) for routing or sending email notifications automatically. Verify that the host name and port number of the mail server are accurate; see "SMTP Settings".


Managing Job Plug-in Modules
This section explains how to use the CMS window to perform the following operations:

For information on adding or changing job-specific information in the configuration file, see "Job Scheduler Parameters in the Configuration File".

Registering a Job Module

You can register custom job plug-in modules from the CMS window. Registering a new module involves specifying the name of the module and the full name of the Java class that implements the module. For example, you can add a job implementation named as follows:

com.netscape.jobscheduler.unpublishUserCert

Before registering a module, be sure to put the Java class for the module in the classes directory (the implementation must be on the class path).

To register a job module in the CMS framework:

  1. Log in to the CMS window (see "Logging In to the CMS Window").
  2. Select the Configuration tab.
  3. In the navigation tree, select Job Scheduler, then select Jobs.
  4. The Job Instance tab appears. It lists any currently configured jobs.

  5. Select the Job Plugin Registration tab.
  6. The Job Plugin Registration tab appears. It lists currently registered job modules.

  7. Click Register.
  8. The Register Job Scheduler Plugin Implementation window appears.

  9. Specify information as appropriate:
  10. Plugin name. Type a name for the plug-in module.

    Class name. Type the full name of the class for this module--that is, the path to the implementing Java class. If this class is part of a package, be sure to include the package name. For example, if you are registering a class named myJob and if this class is in a package named com.myCompany, type com.myCompany.myJob.

  11. Click OK.
  12. The CMS configuration is modified. If the changes you made require you to restart the server, you will be prompted accordingly. In that case, restart the server.

Deleting a Job Module

You can delete unwanted job plug-in modules by using the CMS window. Before deleting a module, be sure to delete all the instances that are based on this module; for instructions, see "Step 3. Delete Unwanted Jobs".

To delete a job module from the CMS framework:

  1. Log in to the CMS window (see "Logging In to the CMS Window").
  2. Select the Configuration tab.
  3. In the navigation tree, select Job Scheduler, then select Jobs.
  4. The Job Instance tab appears. It lists any currently configured instances.

  5. Select the Job Plugin Registration tab.
  6. The Job Plugin Registration tab appears. It lists currently registered job modules.

  7. In the Plugin Name list, select the module you want to delete and click Delete.
  8. When prompted, confirm the delete action.
  9. The CMS configuration is modified. If the changes you made require you to restart the server, you will be prompted accordingly. In that case, restart the server.

 

© Copyright © 2000 Sun Microsystems, Inc. Some preexisting portions Copyright © 2000 Netscape Communications Corp. All rights reserved.