Check internal certificates expiration date
Article ID: 217677
Updated On:
Products
Issue/Introduction
Expired certificates may affect different components, the following error may be seen if a certificate is already expired:
|DETAIL | Trying to locate trusted signing certificate by SKID <DABF756B48AE8F45F57E9D05ED8B9D9F8FFD9F4A> Legacy <FALSE>
|DETAIL | Retrieving Certificate matching the hash alorithm = SHA2_256 public key size = 2048
|DETAIL | CFUtilities_GetDSMRegistryKey: requested: kDSMRegistryKeyInstall got: SOFTWARE\ComputerAssociates\Unicenter ITRM|DETAIL | Reading the certificate: E:\CA\SC\CBB\certdb\47D4E15B0D834C726091E96A678ADA0DB20E22CD.der
|DETAIL | Reading signature algorithm from certificate data
|DETAIL | Data from certificate returned by CAPKI. Signature algorithm sha256WithRSAEncryptionRý zIl|DETAIL | Certificate Found with the matching comstore criteria
|DETAIL | Certificate found and trying to read data from certificate
|ERROR | current time date and time does not fall with in the certificate validity period...
Environment
Client Automation - All Versions
Resolution
In order to verify if a is still valid, the following command can be executed:
certutil -dump <certificatefilename>
The output of this command will show the time frame in which the certificate is valid (fields "Notbefore" and "NotAfter") as shown on this example:
Additional Information
A way to know which certificate to look at, the file ..\CA\SC\CBB\certstor.dat can be reviewed, there will be the subject and the file name of each, for example:
Feedback
