Related Tips & Info

PKI Certificate Expiry Reporter

MigrationDeletedUser
0 Likes





  1. This utility requires an LDIF file as input.

    Providing a GUI utility which caters for all environments takes more development effort and is frankly unjustified considering there are already many tools available for collecting the required certificate data.



  • The LDIF file must contain objects of class "nDSPKIKeyMaterial" and attributes per object called "NDSPKIPublicKeyCertificate" (base64 encoded) AND "hostServer". (When an attribute name appears with "::" after it, then it is base64 encoded.)



  • Using a valid LDIF file as input, the PKI Key expiry date for each of the certificate objects will be extracted and reported.



  • The total number of years, months and days (independent of each other), remaining before expiry is calculated.



  • The results are written to a text report as well as a CSV (comma delimited file) in the format:

    Object Name , Context, Date Trusted Root Expires, Date Public Key Expires, Total Years Until PK Expires, Total Months Until PK Expires, Days Until PK Expires



  • A DOS batch file is provided to collection of the LDIF data uing ice.exe, called "Export-PKData.bat". Copy this file from the installation directory, into the directory where the ice.exe resides, e.g. "C:\novell\consoleone\1.2\bin".

    Execute the batch file to see a list of the command line parameters required.

    Using ICE/ldapsearch/iManager/ConsoleOne, export the certificate data for all objects of class nDSPKIKeyMaterial along with the attributes NDSPKIPublicKeyCertificate and hostServer.



  • If a non-eDirectory LDIF file is used, then it must only contain ONE class / object type, the objects which hold the NDSPKIPublicKeyCertificate or equivalent attribute. Use the Attribute Mapping feature to associate the attribute to the public key certificate





Copyright Novell AU Pty Ltd

This utility is provided without warranty or claims.

If you're not happy with it, keep searching.... the perfect tool might be out there.


Tags:

Labels:

Collateral
Comment List
Parents Comment Children
Related
Recommended

Resources

Support
Documentation
Learning Services
Partner Programs
Privacy
Compliance
Help
Company
Privacy Policy
Terms of Use
Accessibility
Anti-Slavery Statement
Support
Contact Us
Careers
Code of Business Conduct and Ethics
The opinions expressed above are the personal opinions of the authors, not of OpenText. By using this site, you accept the Terms of Use. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.), Hewlett Packard Enterprise Company, or Micro Focus. As of January 31, 2023, the Material is now offered by OpenText, a separately owned and operated company. Any reference to the HP, Hewlett Packard Enterprise/HPE, and Micro Focus marks is historical in nature and the HP, Hewlett Packard Enterprise/HPE, and Micro Focus marks are the property of their respective owners.