A report is needed to show expired or soon expiring certificates
search cancel

A report is needed to show expired or soon expiring certificates

book

Article ID: 25847

calendar_today

Updated On:

Products

ACF2 ACF2 - DB2 Option ACF2 for zVM ACF2 - z/OS ACF2 - MISC PanApt PanAudit

Issue/Introduction

A report is needed to show which certificates are either already expired or are going to expire soon.

 

Environment

Release: 16.0
Component: ACF2MS

Resolution

CA ACF2 has a utility called SAFCRRPT that can provide all of this information and more about the certificates and keyrings in the CA ACF2 INFOSTG database. It is documented at ACF2 SAFCRRPT - Certificate Utility  Here are examples of the JCL and parms that could be used for that report.

To list certificates that are going to expire within 31 days:

//SAFRPTCR EXEC PGM=SAFCRRPT,REGION=0M,          
//       PARM='TITLE(CERTIFICATE UTILITY REPORT)'
//**                                             
//SYSUDUMP DD SYSOUT=*                           
//SYSPRINT DD SYSOUT=*                           
//SYSIN DD *                                     
FIELDS(EXPIRE) EDAYS(31) RECORDID(-)            
//                                                                                                     

To list certificates that are already expired

//SAFRPTCR EXEC PGM=SAFCRRPT,REGION=0M,          
//       PARM='TITLE(CERTIFICATE UTILITY REPORT)'
//**                                             
//SYSUDUMP DD SYSOUT=*                           
//SYSPRINT DD SYSOUT=*                           
//SYSIN DD *                                     
DETAIL EXPIRED RECORDID(-)                       
//                                                                                     

Powered by Wolken Software