Card Automatic Update Process

This section describes the card automatic update process and provides procedural steps and illustrations for configuring this operation.

Processing Period

The ActivID CMS server-based solution is supposed to run in batch mode without any operator intervention. To accomplish this, the processing period must be relative to the batch processing time. A processing period defines an interval for which expiring certificates will be retrieved. This interval is composed of:

  • A starting point—this starting point is relative to the batch execution time. This number is an integer and can be a positive or negative value. A zero value indicates that the beginning of the processing period will be the day the batch starts. A value of “1” indicates that the beginning of the processing period will be the next day after the batch starts.

  • A duration—this integer corresponds to the duration, in days, of the processing period.

Processing Period Examples

This section provides some samples to illustrate the concept of processing periods.

  • If an administrator wants to start a renewal batch every Monday, and check for certificates that will expire the following week, then the processing period is (7,7). This means that the Windows schedule needs to be configured every Monday.

  • If an administrator wants to start an administration batch every Sunday that checks for the certificates that are about to expire the next week, then its processing period is (1,7). This means that the Windows schedule needs to be configured every Sunday.

  • If an administrator wants to start an administration batch every Sunday and check for certificates that expired during the week, then its processing period is (-6,7). This means that the Windows schedule needs to be configured every Sunday.

All processing periods are stored in configuration files, and each processing period is referenced as a processing identifier (process ID). The renewal batch and the administration batch have their processing periods stored into separate XML files:

  • ./conf/renewalProcesses.xml—for the renewal batches.

  • ./conf/administrationProcesses.xml—for the administration batches.

  • ./conf/updateProcesses.xml—for the update batches.

The above three files have exactly the same structure. The following example illustrates this file structure:

Copy 
<processes>
    <process id="everyDay">
        <description>Configure a renewal process to run for certificates that will expire exactly in 35 days</description>
        <period begin="35" duration="1"/>
    </process>
    <process id="onceAWeek">
        <description>Configure a renewal process to run for certificates that will expire exactly in 35 days for a period of 7 days</description>
        <period begin="35" duration="7"/>
    </process>
</processes>

Before starting to use the renewal or administration batches, you must define a strategy and configure these two files accordingly:

  • Each XML file is composed of an element processes that contains a list for each processing period.

  • Each processing period is defined by the content of the process element as shown in the following example:

    Copy 
    <process id="everyDay">
        <description>Configure a renewal process to run for certificates that will expire exactly in 35 days</description>
        <period begin="35" duration="1"/>
    </process>

  • The id attribute is the primary key to referencing the processing period. It must be unique across the file (but you can have the same attribute referenced in the renewal process and in the administration process). This "id" is passed as an argument in the batch process.

  • The description is only used by the operator to describe the processing period.

  • The begin and duration attributes define the period.