Concerned if cert expires? Is there any way to know if a cert is actually used?

book

Article ID: 144608

calendar_today

Updated On:

Products

CA ACF2 CA ACF2 - DB2 Option CA ACF2 for zVM CA ACF2 - z/OS CA ACF2 - MISC

Issue/Introduction

Concerned if cert expires? Is there any way to know if a cert is actually used?
Is there any way to know if a certificate is actually used? Like a log somewhere? 

 

 

Environment

Release : 16.0
Component : CA ACF2 for z/OS

Resolution

Unfortunately there is no report or method to determine if a certificate is being used. 

The ACF2 SAFRPTCR report  displays the certificate hierarchy in your database. Optionally, it shows each certificate, its signing certificate, and the certificates that it has signed. You may also display all of the information provided on a CHKCERT command and LIST command. The display can be tailored so that only certificates from a particular user or key ring will be displayed. You can decide to show only certificates that are not expired, have a key in ICSF, and are currently trusted. You can also display only those certificates that will expire within 1-365 day range.

Details on the SAFRPTCR can be found in section Other CA ACF2 Utilities sub-section: "
SAFCRRPT Certificate Utility".