Summary:
Venafi™ Trust Protection Platform (TPP) provides a flexible macro language that allows administrators to automatically populate custom input for system configuration fields. This macro language is particularly useful when configuring system notifications. Using the macro language, administrators can populate variable content for fields such as Message Recipient, System IP Address, and other information.
Macros are contained within the Channel object and channels are called from Notifications. If your notification points to a channel containing macros but the macros called do not pertain to the specific notification you will only get the macro string as the data and not the desired output.
Example:
Message body contains:
The certificate for system $CN[$Event.Component$]$ will expire in $Event.Value1$ days, on $Event.Text1:RFC822Local$
The expected output would be the certificate common name, how many days until expiration, and the date of expiration, but if you called this channel from something like the Discovery Completed Notification your actual output would simply be the original string used in the channel body.
The certificate for system $CN[$Event.Component$]$ will expire in $Event.Value1$ days, on $Event.Text1:RFC822Local$
Here is an example to return the SAN in the certificate object
`$CERTIFICATEFIELD[$Event.Component$,SAN]$`
More Info:
Notification macros should be added to the Subject and Message Body of selected Channel. To locate these:
- Open Venafi TPP WinAdmin
- Select the Logging tree from the upper left hand corner drop down selection
- Expand the Channels object
- Create a new channel object or edit an existing one
- Enter your desired macros into the Subject field and or the Message Body of the channel
Some Macro examples:
- List the certificate common name, how many days until expiration, and the date of expiration:
The certificate for system $CERTIFICATEFIELD[$Event.Component$,"CN"]$ will expire in $Event.Value1$ days, on $Event.Text1:RFC822Local$
- List what applications are associated to a certificate:
This certificate has the following applications associated to it: $Config[$$Event.Component$$,"Consumers",",\"]$
- List the certificate IP address/addresses:
Your certificate IP address/addresses for this certificate are: $Config[$$ParentDN[$$Event.Component$$]$$,"Host"]$
- List who the Contact is either the user or the group
$Identity[$Config[$Event.Component$,”Contact”]$]$
- List the email address(es) of users and group members
$ContactEMail[$Event.Component$]$
- List the Approvers of a certificate
$Config[$Event.Component$,”Approver”,”,\”]$
- List the driver type for the application associated your certificate
$Config[$ParentDN[$Event.Component$]$,”Driver Name”]$
Comments
Very helpful! Thanks for the tips!
Thanks Mark Great explanation