Setting Up The Job Scheduler; Enabling And Configuring The Job Scheduler - Red Hat CERTIFICATE SYSTEM 7.2 - ADMINISTRATION Administration Manual

Chapter 18. Automated Jobs
18.1.2.3. unpublishExpiredCerts
Expired certificates are not automatically removed from the publishing directory. If a Certificate
Manager is configured to publish certificates to an LDAP directory, over time the directory will contain
expired certificates.
The unpublishExpiredCerts job checks for certificates that have expired and are still marked as
published in the internal database at the configured time interval. The job connects to the publishing
directory and deletes those certificates; it then marks those certificates as unpublished in the
internal database. The job collects a summary of expired certificates that it deleted and mails the
summary to the agents or administrators specified by the configuration.
NOTE
This job automates removing expired certificates from the directory. Expired certificates
can also be removed manually; for more information on this, see
Certificates and CRLs in a

18.2. Setting up the Job Scheduler

The Certificate Manager can execute a job only if the Job Scheduler is enabled. The job settings,
such as enabling the job schedule, setting the frequency, and enabling the job modules, can be done
through the Certificate System CA Console or through editing the CS.cfg file.

18.2.1. Enabling and Configuring the Job Scheduler

To turn the Job Scheduler on, do the following:
1. Open the Certificate Manager Console.
pkiconsole https://server.example.com:9443/ca
2. In the Configuration tab navigation tree, click Job Scheduler.
This opens the General Settings tab, which shows whether the Job Scheduler is currently
enabled.
406
Directory".
Section 14.10, "Updating