Schedules

Create scheduled tasks to automatically carry out operations such as SSH resources and SSL certificates discovery, key rotation, and report generation at periodic intervals.

1. Add Schedules

To add a schedule:

Navigate to the Schedule tab in the GUI and click Add Schedule.
Enter the Schedule Name.
Select the type of schedule. You have eight options:
- SSH discovery- Schedule the discovery of SSH resources using this option. Specify the start and end IP addresses of the resources to be discovered. Also specify the port used by the end terminals for SSH communication.
- SSL discovery -Schedule the discovery of SSL certificates using this option.
  1. If you select Agent, you can choose between the available agents. Select Discover by IP Address Range to specify the StartIP and End IP addresses.
  2. Select Subnet to mention the IP Address and the ports to be checked for deployed SSL certificates. You can also select From file to upload a schedule.
  3. If you select Load Balancer, enter the Server Name, Port, User Name,Credential Type, Password and Path. Choose the required load balancer from the Type dropdown: General, BIG-IP F5, or Citrix. To perform Citrix discovery using the Citrix REST API commands, select the checkbox Use REST API (By default KMP uses CLI commands for discovery and fetching certificates).
  4. Select the Bypass Proxy Settings checkbox to bypass proxy server settings during the discovery operation. This option is applicable for the IP Address Range, Subnet and From File modes as well as Citrix discovery when the Use REST API (By default KMP uses CLI commands for discovery and fetching certificates) option is selected.
  5. Choose the Shared Path - Windows/Linux/Mac OS option to schedule a discovery operation for a specific directory path.
  6. Select the Agent checkbox to schedule an SSL discovery through the Key Manager Plus agent. You can perform two modes of discovery through the agent: IP Address Range and Shared Path - Windows/Linux/Mac OS.
- Key rotation – Schedule the rotation of SSH keys assigned to user accounts. Select the keys that are to be scheduled for rotation. If keys are not assigned but are scheduled to rotate, schedule rotation will fail and an error message will be displayed in the Schedule audit and the Audit tabs in the GUI. Also, you can automatically push the key files (private key, public key or both the private and public keys) onto its associated users by enabling the 'push key to user' option available in this page, instead of pushing the key files manually after every scheduled rotation.
- Reports – Schedule the reports to be generated and sent to the email address specified. All the reports generated by Key Manager Plus can be scheduled to be sent to email addresses using this option. You can Select Specific Certificates or Certificate groups and move the required certificates to the Selected Certificates column using the arrow keys to generate reports for selected certificates.
- SSL Expiry - Schedule expiry alert notifications for SSL certificates.
  1. Select the Specific SSL certificates or Certificate Groups that are to be tracked for expiry.
  2. Schedule the scan at required intervals of time and specify the number of Days to expiry before which the email notification should be sent.
  3. Choose to receive notifications either Daily or Customize your notifications.
  4. If you choose to Customize, set the Interval (in days) to notify about the to-be-expired certificates.
  5. Select the Email certificates on every schedule if expiry is less than option if you want to receive notifications on all schedules irrespective of the above-set interval.
- AD User Certificate Discovery - Schedule the discovery of SSL certificates from active directory - basically, the certificates belonging to various users in Active Directory could be fetched into KMP using this option. Specify the domain name, name of the domain controller and user credentials. Click Fetch OU list and select the required user accounts / OUs in which certificate discovery has to be performed.
- MS Certificate Store Discovery - Schedule the discovery of SSL certificates from Microsoft Certificate Store and certificates issued by Microsoft Certificate Authority using this option. Select Agent to select the required agent from the list of available agents. Specify the server credentials and user credentials. Select the checkbox to Use Key Manager Plus service account credentials for authentication. For certificates issued by Microsoft Certificate Authority, you can fine tune your discovery based on certificate issue date, certificate revocation / expiration statuses, and certificate templates. You can select upto five certificate templates for your discovery operation.
- AWS Discovery - Schedule the discovery of AWS certificates from the AWS-ACM repository. Specify the AWS Credential, choose the required AWS Service, and all the required regions.
- SSL Vulnerability - Schedule periodic vulnerability scan on selected or all SSL certificates in Key Manager Plus repository. Select the certificates on which the vulnerability scan is to be performed at regular intervals of time, and specify an e-mail id to which notification is to be sent after every scan.

Select the recurrence type as - hourly, daily, weekly, monthly, or once only. Set the starting time, date, or day, corresponding to the option chosen.
Enter the email addresses of the users to be notified. The server authentication settings can be specified in the Settings >> Mail Server Settings tab in the GUI.
Customize the notification emails by adding an email subject of your choice. To tailor the body of the email further, add custom email content, and a unique signature.
For SSL Expiry schedules, select the following options to tailor the scan results that are sent in email. The following preferences are saved only for email and will not change how scheduled scan results appear in the Audit:
i. Include auto-renewal certificates in email notification- Certificates that will be auto renewed will be included in the email notifications.
ii. Exclude expired certificates from email notifications- Certificates that are already expired in the repository will be excluded from the email notifications.
iii. Send a separate email per certificate- Every expired certificate will be sent as a separate email with a unique subject.
Click Save.
Now, you have successfully added a new schedule.
To execute a schedule, click the execute schedule icon beside the respective schedule.

Note: The result of the schedule execution will get updated in the Schedule audit and also in the respective operation audits.

2. Edit schedules

To edit a schedule:

Navigate to the Schedule tab in the GUI.
Click the name of the schedule you would like to edit.
You will be redirected to the Edit Schedule window. You can edit all the details of the schedule except its name and type.
Click the Update button to save any modifications.

3. Enable/Disable schedules

The schedules can be enabled or disabled anytime. Use the disable option to stop the execution of a schedule temporarily without deleting it. When re-enabled, the schedule again starts its periodic execution.

To enable or disable a schedule execution:

Navigate to the Schedule tab in the GUI.
Select the schedules and click the Enable Schedule or Disable Schedule button. You will get a confirmation that the schedule has been enabled or disabled successfully.

Note: The schedules set to run only once cannot be enabled if they have already been executed. Modify the schedule to enable it.

4. Delete schedules

To delete a schedule:

Navigate to the Schedule tab in the GUI.
Select the schedules to be deleted.
Click the Delete Schedule button.
ClickOK in the confirmation pop-up window.

You will get confirmation that the schedules have been deleted successfully.