As a Security Server Administrator I want to be notified if automatic certificate renewal using ACME fails or succeeds so that I know what the certificate renewal status is.

Description

Support for renewing auth and sign certificates automatically using ACME was implemented in XRDDEV-2536. The implementation includes showing renewal status on the SIGN and AUTH keys page. In addition, a global warning on top of the Security Server UI is shown if the renewal has failed for some reason. In order to see the renewal status, the Security Server Administrator must log in to the Security Server UI.

Since the Security Server stops operating without valid auth and sign certs, it's important to notify the Security Server admin through an external channel immediately when the renewal operation fails or succeeds. In practice, the admin must be notified by email. The email address configured in the acme.yml configuration file is used as the recipient. The admin should be notified about successful renewal operations too.

The Security Server should use an external email server for sending the notification emails. In other words, the Security Server will act as an email client. The email server configuration details are stored in the acme.yml configuration file or in some other configuration file. It’s also important that the Security Server admin is able to test the email configuration by sending a test email from the Security Server UI, e.g., from the diagnostics page. The diagnostics page should also show the success and failure notification configuration status (enabled / disabled) and whether the connection details are present in the configuration file. The recipient’s email address configured in acme.yml should be shown on the diagnostics page too. If all the required configuration details are present, it’s possible to send a test email to the recipient. That way, the admin can validate that the configuration is correct and that the Security Server is able to establish a connection to the external email server.

Acceptance criteria:

Implementation notes

None

Done

Details

Assignee

Mikk-Erik Bachmann

Created July 9, 2024 at 1:14 PM
Updated November 18, 2024 at 7:00 PM
Resolved November 18, 2024 at 7:00 PM