Check internal certificates expiration date
search cancel

Check internal certificates expiration date


Article ID: 217677


Updated On:


CA Client Automation - IT Client Manager CA Client Automation


Expired certificates may affect different components, the following error may be seen if a certificate is already expired:

|DETAIL | Trying to locate trusted signing certificate by SKID <DABF756B48AE8F45F57E9D05ED8B9D9F8FFD9F4A> Legacy <FALSE>
|DETAIL | Retrieving Certificate matching the hash alorithm = SHA2_256 public key size = 2048
|DETAIL | CFUtilities_GetDSMRegistryKey: requested: kDSMRegistryKeyInstall got: SOFTWARE\ComputerAssociates\Unicenter ITRM

|DETAIL | Reading the certificate: E:\CA\SC\CBB\certdb\47D4E15B0D834C726091E96A678ADA0DB20E22CD.der
|DETAIL | Reading signature algorithm from certificate data
|DETAIL | Data from certificate returned by CAPKI. Signature algorithm sha256WithRSAEncryptionRý zIl

|DETAIL | Certificate Found with the matching comstore criteria
|DETAIL | Certificate  found and trying to read data from certificate
|ERROR  | current time date and time does not fall with in the certificate validity period...


Client Automation - All Versions


In order to verify if a is still valid, the following command can be executed:

certutil -dumb <certificatefilename> 

The output of this command will show the time frame in which the certificate is valid (fields "Notbefore" and "NotAfter") as shown on this example:

Additional Information

A way to know which certificate to look at, the file ..\CA\SC\CBB\certstor.dat can be reviewed, there will be the subject and the file name of each, for example: