New Ranks & Badges For The Community!
Notice something different? The ranks and associated badges have gone "Star Fleet". See what they all mean HERE

Notification that the CA is going to expire

Idea ID 2828834

Notification that the CA is going to expire

IDM Certificate Authority had expired. This meant that any items using certificate authentication, including many of our jobs and the Remote Loaders (connections from IDM to AD, 360, and ACF2) were no longer working .

There was no notification that the CA was going to expire. It would be nice to have a notification that the CA is getting ready to expire. 


Knowledge Partner Knowledge Partner
Knowledge Partner

The CA expiration date is an attribute on the object. You can read it from an LDAP search.

Micro Focus Expert
Micro Focus Expert
Status changed to: Under Consideration

@dgersic the CA expiration date is unfortunately not a separate attribute on the CA itself. It is available if you wish to parse out the dates from the Certificate(s) on the CA, just not exposed in a separate attribute at this time.

The date values are exposed in separate attributes on the Certificate object and those attributes are added/updated by the PKI Health Check process.

A quick solution might be adding the attributes "NDSPKI:Not After" and "NDSPKI:Not Before" to the CA object (class=NDSPKI:Certificate Authority), just like they are on the Certificate objects (class=NDSPKI:Key Material). The "NDSPKI:Public Key Certificate" attribute has the full Certificate including the valid dates embedded does exist on both object classes.

There is also the NDSPKI:Public Key Certificate EC that may come in to play these days as well.

The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.