Skip to Content
Product Information
Author's profile photo Chinmay Laud

SAP CPI Keystore Expiry – Email Notification – Simplest of All

Hi Readers,


Hope you are all doing good.

As you all know, SAP CPI does not have an inbuilt mechanism for the expiry of certificates in the Keystore. The developer will understand when the messages are failed in the Monitoring.

But stalwarts in SAP have already found a way to enable such notification in SAP CPI. But my blog is different as it does not provide you with a new discovery but the simplest approach to do it. Here I have not used any Scripts/XSL Mappings/Local integration process or anything, I have just used UDF (difference in the date) in the graphical mapping which will get you the desired outcome.

I have leveraged the core functionality of SAP CPI that is No Code and created this Process Improvement.



Kindly follow the below procedure and get email alerts for your expiring Keystore artifacts:

  1. First and foremost, you will need a timer to start the flow, you can select duration based on your use case. The tenant OData API will pull all the keystore details from the tenant and return an XML output. The credentials I have used is the S-User id (here I have used my for the demo but you can use a service user as well).
  2. The Processing Tab should have the below-mentioned configs.
  3. Now the simplest step is to create a Graphical Mapping. The main aim of the graphical mapping is to create a field on the receiver side which is Notif_Flag (remaining days for the certificate to expire). The ValidNotAfter field provides the expiration date of the certificate, hence firstly filtering all the past dates. Then using the date difference UDF gets the difference between the expiration date and today’s date. A simpler thing here to do is use a CreateIf function and use the expiration date which will be in the next two months or three months. Hence the KeystoreEntry and Notif_Flag tags will only be created for values less than 90 days (i.e. certificates expiring in 90 days or less)Mapping%20Output
  4. Now the part of creating an alert format. As I am using the message mapping I was getting the output in XML and hence I converted it to CSV with tab-separated which will look good in the email body.
  5. Also, I use a Content Modifier to save the body and pass the same in the Send Tag.
  6. For reference, I have also kept the details for the Outbound Mail Adapter. You will find separate blogs for this configuration as well.Mail%20Configuration

Thanks for your time.


Hope you had a good read.



Chinmay M Laud.

Assigned Tags

      You must be Logged on to comment or reply to a post.
      Author's profile photo Minh Tri Le
      Minh Tri Le

      Hi Chinmay Laud,

      Thanks for a great blog.

      Could you please explain more in Step 3 create a Graphical Mapping?

      I don't know how to add the field Notif_Flag in the target message?

      If possible, please upload the target message schema.

      You also said "Then using the date difference UDF gets the difference between the expiration date and today’s date. A simpler thing here to do is use a CreateIf function and use the expiration date which will be in the next two months or three months"

      Could you please add more details how to use CreateIf?



      Author's profile photo Chinmay Laud
      Chinmay Laud
      Blog Post Author

      Hi Tri,

      Thanks for your reply, I appreciate it!

      I manually added the Notif_Flag field in the receiver side xsd.

      I preferred using Ifwithoutelse as it will compare and suppress the non-satisfying values at the same time.

      Sorry, but using createif doesn't sound right cause after using the createif function, the output tag will be created but for adding the value in that field you again need some node function to check the output of the create if, and based on that you will add the output of date difference udf.



      Chinmay M Laud

      Author's profile photo Philippe Addor
      Philippe Addor

      Minh Tri Le, look at my Git repo, there you find a working solution!


      Author's profile photo SABARINATH A

      Hi Chinmay Laud,
      Great Post from your side, Expecting more in future.

      While I tried the iFlow I encountered an error in the first step, while calling the odata service



      Odata V2 in Credential I have added the Client Id , Client Secret



      Im getting the following error while selecting resource path at Processing of Odata


      Author's profile photo Efe Demirtas
      Efe Demirtas


      I also get this one, did you find any solutions?

      Author's profile photo Joel Trinidade
      Joel Trinidade

      Good Post !!

      For easy reference , Other alternative blogs published in the past regarding Alert notification for expiring certificates

      Author's profile photo Ankur Agrawal
      Ankur Agrawal

      Hi Chinmay Laud,

      Thanks for the blog.

      Could you please share the UDF code.


      Thanks in Advance.

      Ankur Agrawal.

      Author's profile photo Philippe Addor
      Philippe Addor

      I quickly implemented a solution based on this concept with some improvements. For example, it doesn't send an email when nothing expires. And I have built the UDF and mapping to check for days till expiry to create the alert based on a configurable alert threshold.

      For everybody who is struggling with creating the XSDs and the mapping/UDF, or simply doesn't want to spend time implementing something that should be standard ;-), feel free to download the configurable IFlow from my Git repo:

      Kind regards, Philippe