Identifying Digital Certificates That Are In Use In Top Secret

Article ID: 136272

Products

Top Secret

Issue/Introduction

Is there a way to monitor the usage of certificates in Top Secret to assist with cleanup on certificates that are not in use?

Environment

Release : 16.0

Component : CA Top Secret for z/OS

Resolution

Top Secret has no way to track which certificates are or aren't being used. It does provide the SAFCRRPT utility, which can be used to display the certificate hierarchy in the database. Optionally, it will display each certificate, its signing certificate, the certificates that it has signed, and all of the information provided with the CHKCERT and LIST commands.

The output can be tailored to display certificates:
- For a specified user
- For a specified key ring
- That have not expired
- That have a key in ICSF
- That are currently trusted
- That will expire within a specified number of days

For more information on the SAFCRRPT utility, please see the following link:

Certificate Utility

Member CERTUTIL in the Top Secret r16 CAKOJCL0 library contains sample JCL for the utility.