CA Top Secret

Tech-Tips: Certificate Utility SAFCRRPT- How to report on expired certificates. 

04-06-2016 08:27 AM

To do this you have to use the keyword EXPIRED.

 

This documented in TSS r16.0 documentation available at docops.ca.com

This is not documented in TSS r15.0 ninth edition, but works.

 

The example below reports on expiring certificates within the given time frame:

 

//SAFRPTCR EXEC PGM=SAFCRRPT,PARM='TITLE(CERTIFICATE DETAILED REPORT)',

//         REGION=0M                                                  

//SYSUDUMP DD SYSOUT=*                                                

//SYSPRINT DD SYSOUT=*                                                

//SYSIN DD *                                                          

RECORDID(-)  EDAYS(365)                                         

/*                                                                    

//  

                                                                 

The example below reports on expired certificates:

 

//SAFRPTCR EXEC PGM=SAFCRRPT,PARM='TITLE(CERTIFICATE DETAILED REPORT)',

//         REGION=0M                                                  

//SYSUDUMP DD SYSOUT=*                                                

//SYSPRINT DD SYSOUT=*                                                

//SYSIN DD *                                                          

RECORDID(-) EXPIRED                        

/*                                                                    

//                                                                    

Statistics
0 Favorited
2 Views
0 Files
0 Shares
0 Downloads

Tags and Keywords

Comments

05-09-2016 11:00 AM

Don,

 

Maybe for reference or eventual renewal.

 

Some certificates have to created a certain way for certain application or their are certain requirements that the site you are trying to establish a connection with.

 

Having the old certificate for reference can be helpful when recreating a new certificate, especially if you connect to many different sites and they all have different digital certificate requirements.

 

A expired certificate can always be renewed. If  a certificate is on hundreds of keyrings, doing a renewal will save an admin from adding a new certificate to all those keyrings. Creating a new certificate instead of a renewal, will require the certificate to be added to the hundreds of keyrings.

 

Please let me know if your question has been answered to your satisfaction.

 

Regards,

 

Joseph Porto - CA Level 1 Support

04-20-2016 02:17 PM

Is there any reason to keep EXPIRED certificates in the system or on a keyring? 

 

Folks around here are always wary about deleting certificates.

 

- Don

04-06-2016 01:23 PM

  • The r16 documentation about this topic can be found here (or even by starting with a Google search for "CA Top Secret 16.0 certificate utility").
  • The r15 documentation has been updated and will be available at next bookshelf republish.

Related Entries and Links

No Related Resource entered.