# Certificate Expiry Job

Monitors Azure app registration certificate expiry and sends email notifications when certificates are about to expire.

Configuration class: CertificateExpiryJobCfg

Schedule base: RandomEveryDayScheduleCfg (runs once daily at a random time)

# Purpose

When Azure app registration certificates approach expiration, this job sends email notifications to configured recipients. This prevents authentication failures due to expired certificates.

# Configuration

# Disabled

  • Type: bool?
  • Default:
  • Required: No
  • Description: Disable this job without removing configuration

# DetectDaysBeforeExpiration

  • Type: int (list)
  • Default: [30,14,7,6,5,4,3,2,1]
  • Required: No
  • Description: Check for expiry on these days before expiration. Sends one email per matching day. Example: [30,7] sends email 30 days before and 7 days before expiration.

# Subject

  • Type: string
  • Default: "Warning: an application registration certificate will expire soon"
  • Required: No
  • Description: Email subject line

# Cc

  • Type: string (list)
  • Default:
  • Required: No
  • Description: CC addresses for the email notification. Array of email addresses.

# Bcc

  • Type: string (list)
  • Default:
  • Required: No
  • Description: BCC addresses for the email notification. Array of email addresses.

# CurrentState

  • Type: CertificateExpiryJobState
  • Default:
  • Required: No
  • Description: System-managed — stores current job state

# Scheduling Properties

# StartTime

  • Type: TimeSpan?
  • Default:
  • Description: Earliest time of day to run. Example: "08:00:00" for 8 AM.

# EndTime

  • Type: TimeSpan?
  • Default:
  • Description: Latest time of day to run. Example: "18:00:00" for 6 PM.

# Example Configuration

{
  "Disabled": false,
  "DetectDaysBeforeExpiration": [30, 14, 7],
  "Subject": "Alert: Application certificate expiring soon",
  "Cc": ["admin@company.com"],
  "Bcc": ["security@company.com"],
  "StartTime": "09:00:00",
  "EndTime": "17:00:00",
  "CurrentState": {}
}

# How It Works

  1. Job runs daily at a random time between StartTime and EndTime
  2. Checks all Azure app registration certificates
  3. For each certificate matching a day in DetectDaysBeforeExpiration, sends an email notification
  4. Uses the configured Subject, Cc, and Bcc settings
  5. Email recipients are set via global email configuration in SettingsCfg.Email
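The matching rule in step 3, as an added example that is not the job's own code: it assumes days remaining are counted in whole calendar days from the run date (the page does not say how the job rounds), and the certificate names, dates and function names are constructed for illustration. It also lists certificates that match no configured day from the run date onward, which under that rule produce no further email.

```python
from datetime import date, timedelta

# Default DetectDaysBeforeExpiration documented on this page.
DEFAULT_DETECT_DAYS = [30, 14, 7, 6, 5, 4, 3, 2, 1]
# Relevant keys from the page's example configuration.
EXAMPLE_CFG = {"Disabled": False, "DetectDaysBeforeExpiration": [30, 14, 7]}
# Constructed inventory (name, expiry date) and run date; not real data.
SAMPLE_TODAY = date(2026, 4, 20)
SAMPLE_CERTS = [
    ("app-billing", date(2026, 5, 20)),
    ("app-hr-sync", date(2026, 4, 27)),
    ("app-legacy", date(2026, 4, 23)),
    ("app-old", date(2026, 4, 18)),
]


def _days(cfg):
    # Fall back to the documented default when the key is absent.
    return cfg.get("DetectDaysBeforeExpiration", DEFAULT_DETECT_DAYS)


def due_today(cfg, certs, today):
    """(name, days_left) for certificates matching a configured day on `today`."""
    if cfg.get("Disabled"):
        return []
    wanted = set(_days(cfg))
    return [(n, (exp - today).days) for n, exp in certs if (exp - today).days in wanted]


def never_again(cfg, certs, today):
    """Certificates that match no configured day from `today` on: expired,
    or closer to expiry than the smallest configured day."""
    if cfg.get("Disabled"):
        return [(n, (exp - today).days) for n, exp in certs]
    floor = min(_days(cfg), default=float("inf"))
    return [(n, (exp - today).days) for n, exp in certs if (exp - today).days < floor]


def email_dates(cfg, expiry):
    """Calendar dates on which an email is expected for one certificate."""
    return [expiry - timedelta(days=d) for d in sorted(_days(cfg), reverse=True)]


if __name__ == "__main__":
    print("due today:", due_today(EXAMPLE_CFG, SAMPLE_CERTS, SAMPLE_TODAY))
    print("no further email:", never_again(EXAMPLE_CFG, SAMPLE_CERTS, SAMPLE_TODAY))
    print("schedule:", email_dates(EXAMPLE_CFG, date(2026, 5, 20)))
```

With the example list [30, 14, 7], the constructed certificate that is 3 days from expiry matches no configured day, whereas the default list would still match it.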

# Email Recipients

The job sends to:

  • Configured recipients in email settings (SettingsCfg.Email.EmailAddressTo)
  • Plus any addresses in Cc and Bcc arrays

Configure email delivery in:

"Settings": {
  "Email": {
    "EmailAddressTo": "ops@company.com",
    "SmtpServerHost": "smtp.company.com",
    "SmtpServerPort": 587
  }
}

# Notes

  • Multiple notifications: If a certificate matches multiple days in DetectDaysBeforeExpiration (e.g., it is 30 days from expiry on one run and 7 days from expiry on a later run), you'll receive an email for each matching notification day
  • Time zone: Uses server time zone for schedule calculations
  • Certificate sources: Checks all certificates currently in use by the provisioning system

Last Updated: 4/20/2026, 12:54:05 PM