Report to check for Certificates Close to Expiring
Report to check for Certificates Close to Expiring
I just wanted to share with you that there is a useful report that can be ran that will actually show the expired date in RED if it is set to expire within the time range that you specified. This is a much better process than having us go through STRUSTSSO2 for all of the 3rd party certificates. Plus, it will report the in house certificates.
Steps:
- Run the report SSF_ALERT_CERTEXPIRE from SE38
- Change the Number of Days until Expiry for example 45, and click Execute
- The certificates that will expire within 45 days will have the expiration date in RED
I like the fact that the potentially expiring certificate shows up in RED.
Thank you
Adil
Good One Adil! Very helpful.
Really helpful..gr888 stuff..keep it up..
Hi Nayeem,
we have a Java-only system (PI 7.4). Is there a way to find soon expiring certificates in key storage (NWA)?
BR,
Markus
for ABAP you can also use solman alerting - 2507235 - How to configure Expiring Certificates metrics in System Monitoring
for java oss note says you should just go to NWA to view which ones are expiring -2520663 - Certificate Expiration Notification on AS Java 7.1+ - wonder if there is a way to read the java tables for the data.
For Java, there is an API available, as described here
Use curl to extract the data (the command is four lines long, replace <hostname> & <port> in the last line):
curl -X POST -H “Content-Type: text/xml” -H “Cache-Control: no-cache” \
-d ‘<soapenv:Envelope xmlns:soapenv=”http://schemas.xmlsoap.org/soap/envelope/” xmlns:api=”http://sap.com/aii/tpm/internal/api/”> \
<soapenv:Header/><soapenv:Body><api:GetKeystoreCertificates></api:GetKeystoreCertificates></soapenv:Body></soapenv:Envelope>’ \
https://<hostname>:<port>/KeystoreService/KeystoreServiceApi
Good one Adi
Parabéns, excelente....
nice