PKI Certificate Expiry Reporter


  1. This utility requires an LDIF file as input.

    Providing a GUI utility which caters for all environments takes more development effort and is frankly unjustified considering there are already many tools available for collecting the required certificate data.

  • The LDIF file must contain objects of class "nDSPKIKeyMaterial" and attributes per object called "NDSPKIPublicKeyCertificate" (base64 encoded) AND "hostServer". (When an attribute name appears with "::" after it, then it is base64 encoded.)

  • Using a valid LDIF file as input, the PKI Key expiry date for each of the certificate objects will be extracted and reported.

  • The total number of years, months and days (independent of each other), remaining before expiry is calculated.

  • The results are written to a text report as well as a CSV (comma delimited file) in the format:

    Object Name , Context, Date Trusted Root Expires, Date Public Key Expires, Total Years Until PK Expires, Total Months Until PK Expires, Days Until PK Expires

  • A DOS batch file is provided to collection of the LDIF data uing ice.exe, called "Export-PKData.bat". Copy this file from the installation directory, into the directory where the ice.exe resides, e.g. "C:\novell\consoleone\1.2\bin".

    Execute the batch file to see a list of the command line parameters required.

    Using ICE/ldapsearch/iManager/ConsoleOne, export the certificate data for all objects of class nDSPKIKeyMaterial along with the attributes NDSPKIPublicKeyCertificate and hostServer.

  • If a non-eDirectory LDIF file is used, then it must only contain ONE class / object type, the objects which hold the NDSPKIPublicKeyCertificate or equivalent attribute. Use the Attribute Mapping feature to associate the attribute to the public key certificate

Copyright Novell AU Pty Ltd

This utility is provided without warranty or claims.

If you're not happy with it, keep searching.... the perfect tool might be out there.



Comment List
Parents Comment Children