Report on Digital Certificates about to Expire

book

Article ID: 20327

calendar_today

Updated On:

Products

Cleanup Datacom DATACOM - AD CIS COMMON SERVICES FOR Z/OS 90S SERVICES DATABASE MANAGEMENT SOLUTIONS FOR DB2 FOR Z/OS COMMON PRODUCT SERVICES COMPONENT Common Services CA ECOMETER SERVER COMPONENT FOC EASYTRIEVE REPORT GENERATOR FOR COMMON SERVICES INFOCAI MAINTENANCE IPC UNICENTER JCLCHECK COMMON COMPONENT Mainframe VM Product Manager CHORUS SOFTWARE MANAGER CA ON DEMAND PORTAL CA Service Desk Manager - Unified Self Service PAM CLIENT FOR LINUX ON MAINFRAME MAINFRAME CONNECTOR FOR LINUX ON MAINFRAME GRAPHICAL MANAGEMENT INTERFACE WEB ADMINISTRATOR FOR TOP SECRET Xpertware Top Secret Top Secret - LDAP Top Secret - VSE

Issue/Introduction

Description:

What report will list Digital Certificates that will expire within a specified number of days?

Solution:

The CA-Top Secret Report & Tracking Guide:

SAFCRRPT Utility

------------------------

About the Certificate Utility

--------------------------------------

Use the Certificate Utility to display the certificate hierarchy in your database. Optionally, it will display each certificate, its signing

certificate, the certificates that it has signed, and all of the information provided with the CHKCERT and LIST commands. Execution of

SAFCRRPT requires a region size of 1500K.

You can tailor the output to display certificates:


 * For a specified user       
 * For a specified key ring 
 * That have not expired
 * That have a key in ICSF
 * That are currently trusted
 * That will expire within a specified number of days

EDAYS(expire days) - Specifies that only certificates that expire within the specified number of days are displayed.

Range: 1 to 365

The following is sample JCL to run the certificate utility. This JCL is found in the CAI.CAKOJCL0 file on the distribution tape. The member name is

CERTUTIL:

 //SAFRPTCR EXEC PGM=SAFCRRPT,PARM='TITLE(Certificate detailed report)'       
 //STEPLIB DD DISP=SHR,DSN=CAI.CAKOLINK 
 //SYSUDUMP DD SYSOUT=*
 //SYSPRINT DD SYSOUT=*
 //SYSIN DD *
 RECORDID(-) EDAYS(90) DETAIL TITLE('TEST EDAYS')

Environment

Release:
Component: AWAGNT