Reporting on expired, expiring, and unused certificates.
search cancel

Reporting on expired, expiring, and unused certificates.


Article ID: 144608


Updated On:


ACF2 ACF2 - DB2 Option ACF2 for zVM ACF2 - z/OS ACF2 - MISC


Reporting on expired, expiring and unused certificates is needed.




Release : 16.0
Component : CA ACF2 for z/OS


Unfortunately there is no report or method to determine if a certificate is being used. 

The ACF2 SAFRPTCR report  displays the certificate hierarchy in your database. Optionally, it shows each certificate, its signing certificate, and the certificates that it has signed. You may also display all of the information provided on a CHKCERT command and LIST command. The display can be tailored so that only certificates from a particular user or key ring will be displayed. You can decide to show only certificates that are not expired, have a key in ICSF, and are currently trusted. You can also display only those certificates that will expire within 1-365 day range.

Details on the SAFRPTCR can be found in at  ACF2 SAFCRRPT - Certificate Utility