Concerned if cert expires? Is there any way to know if a cert is actually used?
Is there any way to know if a certificate is actually used? Like a log somewhere?
Release : 16.0
Component : CA ACF2 for z/OS
Unfortunately there is no report or method to determine if a certificate is being used.
The ACF2 SAFRPTCR report displays the certificate hierarchy in your database. Optionally, it shows each certificate, its signing certificate, and the certificates that it has signed. You may also display all of the information provided on a CHKCERT command and LIST command. The display can be tailored so that only certificates from a particular user or key ring will be displayed. You can decide to show only certificates that are not expired, have a key in ICSF, and are currently trusted. You can also display only those certificates that will expire within 1-365 day range.
Details on the SAFRPTCR can be found in section Other CA ACF2 Utilities sub-section: "SAFCRRPT Certificate Utility".