Automated Notifications; About Automated Notifications; Types Of Automated Notifications; Determining End-Entity Email Addresses - Red Hat CERTIFICATE SYSTEM 7.2 - ADMINISTRATION Administration Manual

Chapter 17.

Automated Notifications

The Certificate System can be configured to send automatic email notifications to end users when
certificates are issued and revoked or to an agent when a new request has arrived in the agent
request queue. This chapter describes automated notifications and details how to enable, configure,
and customize the notification email messages that are sent.
NOTE
Because of the types of notifications that can be sent, only Certificate Managers have
the ability to be configured for notifications; this option is not available on the other
subsystems.

17.1. About Automated Notifications

Automated notifications are email messages sent when a specified event occurs. The system uses
listeners that monitor the system to determine when a particular event has occurred; when the event
happens, then the system is triggered to send an email to the configured recipient. Each type of
notification uses a template, either in plain text or HTML, to construct the notification message. The
template contains text and tokens that are expanded to fill in the correct information for a particular
event. The messages can be customized by changing the text and tokens contained in the templates.
The HTML templates can also be customized for different appearances and formatting.

17.1.1. Types of Automated Notifications

There are three types of automated notifications:
• Certificate Issued .
A notification message is automatically sent to users who have been issued certificates. A rejection
message is sent to a user if the user's certificate request is rejected.
• Certificate Revocation .
A notification message is automatically sent to users when the user certificate is revoked.
• Request in Queue .
A notification message is automatically sent to one or more agents when a request enters
the agent request queue, using the email addresses set for the agent. There is also a job that
sends a notification to agents about the status of the queue, which includes a summary of the
certificate status at certain intervals. This notification sends an email every time a message
enters the queue. For more information about the request in queue job, see
"requestInQueueNotifier".
Additional automated notifications can be created using the CS SDK.

17.1.2. Determining End-Entity Email Addresses

The notification system determines the email address of an end entity by checking first the certificate
request or revocation request, then the subject name of the certificate, and last the Subject Alternative
Name extension of the certificate, if the certificate contains this extension. If an email address cannot
Section 18.1.2.1,
397