× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. May 2006

RE: Digital Certificate Expiration

 
Sounds good, I'll see if someone here can get me into that link.

Thanks

--
Doug Hart 
 



Doug,

I wrote a command called CHKCERT that you can run to check when a
certificate will be expired.  For example, you might do this:

      CHKCERT HOST(www.klements.com) PORT(443) DAYS(7)

It will connect to www.klements.com and check that the SSL certificate
will be good for at least 7 more days.  If not, it'll send back an
*ESCAPE message.

That means you can write a CL program that runs this command and do
something like this:

PGM

    CHKCERT    HOST(www.klements.com) PORT(443) DAYS(7)
    MONMSG CPF0000 EXEC(DO)
        SNDMSG MSG('WWW.KLEMENTS.COM:443 WILL BE EXPIRED!') +
               TOUSR(KLEMSCOT)
    ENDDO

ENDDO

(You could change the SNDMSG to SNDDST if you prefer to send e-mail,
etc.) Then you could configure your job scheduler to run that program
every morning (for example) so that you'd have a week's notice if a
certificate is going to expire.  If you forgot to replace it, you'd get
another message the next day, etc.

This CHKCERT tool was written for an article entitled "How to Check if
SSL Certificates Are Expired" that I published in the Club Tech iSeries
Programming Tips newsletter.  If you have a Pro subscription to
iSeriesNetwork.com, you can read the article and download the tool from
the following link:
http://www.iseriesnetwork.com/article.cfm?id=51386

---
Scott Klement  http://www.scottklement.com


On Tue, 2 May 2006, Hart, Doug - ETG (Contractor) wrote:

>
> How are people managing digital certificate expirations?
>
> We are setting up SSL for our MQ queues.  This is for different
iSeries
> partitions in different datacenters and some PC servers.  The default
> when creating DCs is that they expire in one year.  I'm assuming that
> when I renew my certificates that I'll need to export them back out to
> the other systems.  This is about a 2 hours process.
>
> Other than setting a reminder in my calendar for next year I see no
way
> to remember this.  I see no way the iSeries will remind me other than
> the application failing.   Heck, I might not even be involved with
this
> next year.
>
> --
> Doug Hart



************************************
This e-mail and any files transmitted with it are proprietary and intended 
solely
for the use of the individual or entity to whom they are addressed. If you have
received this e-mail in error please notify the sender. Please note that any 
views
or opinions presented in this e-mail are solely those of the author and do not
necessarily represent those of ITT Industries, Inc. The recipient should check
this e-mail and any attachments for the presence of viruses. ITT Industries 
accepts
no liability for any damage caused by any virus transmitted by this e-mail.
************************************

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.