Managing SSH/SSL Schedules

A schedule is a basic time-management tool that consists of list of activities that are intended to take place at a certain time or as a sequence of event. Password Manager Pro allows you to create scheduled tasks to automatically carry out operations such as SSH resources and SSL certificates discovery, key rotation, and report generation at periodic intervals.

  1. Add Schedules
  2. Edit Schedules
  3. Enable/Disable Schedules
  4. Delete Schedules

1. Add Schedules

  1. Navigate to Admin >> SSH/SSL Config >> Schedule. 
  2. Click Add Schedule.
  3. Select Schedule Type from the list available:
    1. Key Rotation – Schedule the rotation of SSH keys assigned to user accounts. Select the keys that are to be scheduled for rotation. If keys are not assigned but are scheduled to rotate, schedule rotation will fail and an error message will be displayed in the Schedule audit and the Audit tabs in the GUI. Also, you can automatically push the key files (private key, public key or both the private and public keys) onto its associated users by enabling the 'push key to user' option available in this page, instead of pushing the key files manually after every scheduled rotation.
    2. SSL Discovery - Schedule the discovery of SSL certificates using this option. Specify the start and end IP addresses and the ports to be checked for deployed SSL certificates.
      1. Select Discover by IP Address Range to specify the StartIP and End IP addresses. 
      2. Select Subnet to mention the IP Address and the ports to be checked for deployed SSL certificates. You can also select From file to upload a schedule.
      3. Select the Bypass Proxy Settings checkbox to bypass proxy server settings during the discovery operation. This option is applicable for the IP Address RangeSubnet and From File modes only. 
      4. If you select Load Balancer, enter the Server Name, Port, User Name, Credential Type, Password and Path. Choose the required load balancer from the Type drop down: General, BIG-IP F5, or Citrix. To perform Citrix discovery using the Citrix REST API commands, select the checkbox Use REST API (By default Password Manager Pro uses CLI commands for discovery and fetching certificates).
      5. Choose the Shared Path - Windows option to schedule a discovery operation for a specific directory path.
      6. Select the Agent checkbox to schedule an SSL discovery through the Password Manager Pro agent. You can perform two modes of discovery through the agent: IP Address Range and Shared Path - Windows.
    3. AD User Certificate Discovery - Schedule the discovery of SSL certificates from active directory - basically, the certificates belonging to various users in Active Directory could be fetched into Password Manager Pro using this option. Specify the domain name, name of the domain controller and user credentials. Click Fetch OU list and select the required user accounts / OUs in which certificate discovery has to be performed.
    4. MS Certificate Store Discovery - Schedule the discovery of SSL certificates from Microsoft Certificate Store and certificates issued by Microsoft Certificate Authority using this option. Select Agent to select the required agent from the list of available agents. Specify the server credentials and user credentials. Select the checkbox to Use Password Manager Pro service account credentials for authentication. Specify the server credentials and user credentials. For certificates issued by Microsoft Certificate Authority, you can fine tune your discovery based on certificate issue date, certificate revocation / expiration statuses, and certificate templates.
    5. SSL Vulnerability - Schedule periodic vulnerability scan on selected or all SSL certificates in Password Manager Pro repository. Select the certificates on which the vulnerability scan is to be performed at regular intervals of time, and specify an e-mail id to which notification is to be sent after every scan.
    6. SSL Expiry - Schedule expiry alert notifications for SSL certificates. Select the SSL certificates that are to be tracked for expiry, schedule the scan at required intervals of time and specify the number of days to expiry before which the email notification should be sent. Choose to receive notifications either Daily or Customize your notifications. If you choose to Customize, set  the Interval (in days) to notify about the to-be-expired certificates. Select the Email certificates on every schedule if expiry is less than option if you want to receive notifications on all schedules irrespective of the above-set interval. Select Exclude expired certificates from email notifications to not get notified about expired certificates. Select Send a separate email per certificate if you want to customize each email with unique subject, title, etc.
    7. Report – Schedule the reports to be generated and sent to the email address specified. All the reports generated by Password Manager Pro can be scheduled to be sent to email addresses using this option. You can Select Specific Certificates or Certificate groups and move the required certificates to the Selected Certificates column using the arrow keys to generate reports for selected certificates under the SSL Certificate Report type.

  4. Select the recurrence type as - Hourly, Daily, Weekly, Monthly or Once only. Set the Starting Time, Date or Day corresponding to the option chosen.
  5. Enter the email addresses of the users to be notified. The server authentication settings can be specified in Admin >> Settings >> Mail Server Settings.
  6. Customize the notification emails by adding an email subject of your choice. To tailor the body of the email further, add custom email Content, and a unique Signature.
  7. For SSL Expiry schedules, select the following options to tailor the scan results that are sent in email. The following preferences are saved only for email and will not change how scheduled scan results appear in the Audit:
    1. Exclude expired certificates from email notifications - Certificates that are already expired in the repository will be excluded from the email notifications. 
    2. Send a separate email per certificate - Every expired certificate will be sent as a separate email.
  8. Click Save.

Note: The result of the schedule execution will get updated in the Schedule audit and also in the respective operation audits.

2. Edit Schedules

  1. Navigate to Admin >> SSH/SSL Config >> Schedule. 
  2. Click the name of the schedule you would like to edit.
  3. You will be redirected to the Edit Schedule window. You can edit all the details of the schedule except its name and type.
  4. Click the Update button to save any modifications.

3. Enable/Disable Schedules

The schedules can be enabled or disabled anytime. Use the disable option to stop the execution of a schedule temporarily without deleting it. When re-enabled, the schedule again starts its periodic execution.

  1. Navigate to Admin >> SSH/SSL Config >> Schedule. 
  2. Select the schedules and click the Enable Schedule or Disable Schedule button. You will get a confirmation that the schedule has been enabled or disabled successfully.

Note: The schedules set to run only once cannot be enabled if they have already been executed. Modify the schedule to enable it.

4. Delete Schedules

  1. Navigate to Admin >> SSH/SSL Config >> Schedule. 
  2. Select the schedules to be deleted.
  3. Click the Delete Schedule button.
  4. Click OK in the confirmation pop-up window.

You will get confirmation that the schedules have been deleted successfully.

Top