Am 09.08.24 um 15:54 schrieb Martin Bartosch:
My idea was to the the cutoff_notafter form +60 days to +1 year;
diff --git a/config.d/realm.tpl/report/expiry.yaml
b/config.d/realm.tpl/report/expiry.yaml
index 1ab0a1b..9a2de6e 100644
--- a/config.d/realm.tpl/report/expiry.yaml
+++ b/config.d/realm.tpl/report/expiry.yaml
@@ -1,7 +1,8 @@
label: Expiry Report
head: "Certificate Expiry Report, created at: [% export_date %]"
delimiter: "\t"
-cutoff_notafter: +000060
+#cutoff_notafter: +000060
+cutoff_notafter: +01
include_expired: -000030
cols:
You changed the reporting interval for the reports that can be generated
interactively from the GUI. This does not affect the expiry notification
workflow.
OK, but it doesn't affect "Certificate Status Summary"? "Certificate Status Summary"
shows 0 near expiration, "Expiry Report" shows all 9 issued and valid certs
and ran:
# openxpkicmd --realm democa notify_expiry
But "Certificate Status Summary" in WebUI reports 0 certificates near
expiration and emails are sent.
I also don't quite understand the sign of parameter cutoff_notafter and included_expired. I thought,
certificates with notafter > now - 60 days are considered as near expiration and all certifcates with
notafter > now + 30 days are included but the signs are "+" for cutoff_notafter and
"-" for included_expired.
What I'm missing here? How can certificates with let's say 11 months lifetime
left be considered as near expiration?
In the Community Edition's notify_expiry workflow, the default for triggering
expiry notifications is 30 days before expiration. It is possible to change
this when triggering the workflow on the command line by specifying a different
threshold in the parameter cutoff_notafter (must be a relative OpenXPKI date).
running notify_expiry with a cutoff parameter sent out notifications, thank you
for the explanation.
Best,
-ap
_______________________________________________
OpenXPKI-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openxpki-users
