Idea Details

Certificate usage monitoring in ACF2.

Last activity 02-14-2019 10:39 AM
Ritesh Kumar's profile image
04-23-2018 11:53 AM

I would like to have option of certificate usage monitoring in ACF2. This will help us removing certificates that are not being used safely.

We are facing some issues whereas we cannot determine which certificates are being used in production, and leaving them there is just not a good idea. 

 

[Idea raised on behalf of Paul O'Flaherty, Technical Analyst, STATE OF CONNECTICUT]


Comments

02-14-2019 10:39 AM

This is certainly an interesting idea, but it would be extremely difficult to implement.  At our shop, we have run SECTRACEs on different applications that we believe are using certificates and found out that some (like CICS) are loading certificates every time they start, regardless of if some service inside that application actually uses the certificate or not.  So you would always see a "use" of the certificate when CICS starts, even if no process in CICS ever tries to read that certificate for something.