enter the JCS connector password when being prompted for the keystore password.
In the output of those command, look for the line below:
Valid from: xxxxxxxxxx until: xxxxxx
Provisioning Directory and CA Directory ==================================== On the machines where the Provisioning Directory is installed, open a command prompt and run the command:
dxcertgen report
This command will list all the certificates and their validity dates. Expired certificates will be marked as invalid. Here is an example:
- <hostname>-impd-notify.pem - certificate : 1 version : 3 serialNum : 311 issuer : /C=US/ST=NY/L=Islandia/O=Identity Management/OU=Provisioning Servi ces notBefore : Nov 28 18:26:00 2007 GMT notAfter : Nov 25 18:26:00 2017 GMT subject : /C=US/ST=NY/O=Identity Management/OU=Provisioning Services/CN=eta_ server status : *** INVALID ***
- <hostname>-imps-router.pem - certificate : 1 version : 3 serialNum : 311 issuer : /C=US/ST=NY/L=Islandia/O=Identity Management/OU=Provisioning Servi ces notBefore : Nov 28 18:26:00 2007 GMT notAfter : Nov 25 18:26:00 2017 GMT subject : /C=US/ST=NY/O=Identity Management/OU=Provisioning Services/CN=eta_ server status : *** INVALID ***
If the certificates have not expired, take note of the notAfter date for future reference.
Jboss ======= This is depends on two things: a) If connection between IM and provisioning server is on SSL or non-SSL. If it is not SSL, then no need to check. b) If it is on SSL, then how JBoss keystore is setup by the customer, i.e a dedicated keystore (which CA Support will not know where about it is) or a JDK default keystore.
By default, JBoss keystore is called cacerts in the JDK path where JBoss is pointing to, for example
keytool -list -v -alias <name of the provisioning root cert> -keystore "C:\Program Files\Java\jdk1.7.0_79\jre\lib\security\cacerts"
The default password for cacerts is "changeit" unless it has been changed by customer.
In the output, check the value in Valid from: xxxxxxxxxx until: xxxxxx
For the custom keystore, customer can use the same command above but replace the value for -keystore with appropriate path and name.