Is there a report or utility that will show which certificates are either already expired or are going to expire soon?

Document ID : KB000025847
Last Modified Date : 14/02/2018
Show Technical Document Details

Question:

Is there a report or utility that will show which certificates are either already expired or are going to expire soon?

 

Answer:

CA ACF2 has a utility called SAFCRRPT that can provide all of this information and more about the certificates and keyrings in the CA ACF2 INFOSTG database. It is documented in the Reports and Utilities Guide, Chapter 24 "Other CA-ACF2 Utilities".  Here are examples of the JCL and parms that could be used for that report.

To list certificates that are going to expire within 31 days:

//jobname JOB account-number,'SAFCRRPT',MSGCLASS=X,NOTIFY=userid
// EXEC PGM=SAFCRRPT,PARM='DETAIL,EDAYS(31),RECORDID(-)'
//SYSPRINT DD SYSOUT=*
//REC0001 DD DSN=SYS1.MAN4,DISP=SHR
//*

To list certificates that are already expired:

//jobname JOB account-number,'SAFCRRPT',MSGCLASS=X,NOTIFY=userid
// EXEC PGM=SAFCRRPT,PARM='DETAIL,EXPIRED,RECORDID(-)'
//SYSPRINT DD SYSOUT=*
//REC0001 DD DSN=SYS1.MAN4,DISP=SHR
//*