DataPower

I need to collect the details of public key(certificate) uploaded in cert folder in DP appliance application domain to make an inventory of certificate details. Is there any easy way to collect the details mainly expiry date of certificate without manually opening each file and collect the details. We have cert expiry notification configured, but we need a list of all certs irrespective of their expiry date.Please help if there is any easy way to collect the details.

You can use the XML management command  "CryptoExport".   There is another op "ViewCertificateDetails".    Both ultimately export the certificate in Base64, which you'll have to decode from PEM and then read into something that can reveal the certificate information.

Or (Shameless Plug), you can use KumbaSoft's DPAA®, which comes with a comprehensive ability to list, find, export, update, & renew certificates, plus thousands upon thousands of other features.

Hi Shanmuga,
There is a SOMA request

         <man:do-view-certificate-details>
            <man:certificate-object>?</man:certificate-object>
         </man:do-view-certificate-details>

so if you know your DataPower certificate object names, you could use this SOMA call in a script that does this.  I also found this very old article on the internet on the XML Rest Management Interface ... https://www.ibm.com/support/pages/how-can-i-query-certificate-details-using-datapower-rest-management-interface-rmi
The links are broken which is a shame, but this shows you how you can use one HTTP GET to the ROMA interface to get the list of certificate objects in your domain, and then you can use a HTTP POST of a file with that object name to query the certificate details.  This should be scriptable.  I gave it a try

curl https://<myip>:5554/mgmt/config/<mydomain>/CryptoCertificate -k -u admin:<password>

which returned a JSON object with a list of all of my cert object in that domain

{
  "_links": {
    "self": {
      "href": "/mgmt/config/<mydomain>/CryptoCertificate"
    },
    "doc": {
      "href": "/mgmt/docs/config/CryptoCertificate"
    }
  },
  "CryptoCertificate": [
    {
      "name": "SAML-SigningCredentialsCert1",
      "_links": {
        "self": {
          "href": "/mgmt/config/<mydomain>/CryptoCertificate/SAML-SigningCredentialsCert1"
        },
        "doc": {
          "href": "/mgmt/docs/config/CryptoCertificate"
        }
      },
      "mAdminState": "enabled",
      "Filename": "cert:///swlinn1-sscert.pem",
      "PasswordAlias": "off",
      "IgnoreExpiration": "off"
    },
    <more certs removed for brevity
  ]
}

I then took my object name and placed it into a JSON object to POST

{
  "ViewCertificateDetails": {
    "CertificateObject": "SAML-SigningCredentialsCert1"
  }
}

And the following curl returned my cert details

curl https://<myip>:5554/mgmt/actionqueue/<mydomain> -k -u admin:<password> --data-binary @\tmp\roma-getcertdetails.json

{
  "_links": {
    "self": {
      "href": "/mgmt/actionqueue/<mydomain>"
    },
    "doc": {
      "href": "/mgmt/docs/actionqueue"
    }
  },
  "ViewCertificateDetails": "Operation completed.",
  "CryptoCertificate": {
    "CertificateObject": "SAML-SigningCredentialsCert1",
    "Domain": "<mydomain>",
    "CertificateDetails": {
      "fingerprint-sha1": "82:89:16:23:CD:FD:3D:21:1A:07:E3:65:93:7D:AD:8D:E2:FC:C0:D8",
      "Version": 3,
      "SerialNumber": "919377881864239011",
      "SignatureAlgorithm": "sha256WithRSAEncryption",
      "Issuer": "C=US, ST=NC, L=Charlotte, O=IBM, OU=DataPower, CN=swlinn.us.ibm.com",
      "NotBefore": "2019-04-03T18:48:46Z",
      "NotAfter": "2029-03-31T18:48:46Z",
      "Subject": "C=US, ST=NC, L=Charlotte, O=IBM, OU=DataPower, CN=swlinn.us.ibm.com",
      "SubjectPublicKeyAlgorithm": "rsaEncryption",
      "SubjectPublicKeyBitLength": 2048,
      "KeyValue": {
        "RSAKeyValue": {
          "Modulus": "removed for brevity",
          "Exponent": "AQAB"
        }
      },
      "Extensions": {
        "Extension": [
          {
            "critical": "false",
            "name": "basicConstraints",
            "oid": "2.5.29.19",
            "isder": "false",
            "item": {
              "value": "TRUE",
              "name": "CA"
            }
          },
          {
            "value": "73:88:54:4E:4F:49:98:2E:03:41:20:66:F8:C9:35:F0:4B:1C:50:85",
            "critical": "false",
            "name": "subjectKeyIdentifier",
            "oid": "2.5.29.14",
            "isder": "false"
          },
          {
            "critical": "false",
            "name": "authorityKeyIdentifier",
            "oid": "2.5.29.35",
            "isder": "false",
            "item": [
              {
                "value": "73:88:54:4E:4F:49:98:2E:03:41:20:66:F8:C9:35:F0:4B:1C:50:85",
                "name": "keyid"
              },
              {
                "value": "/C=US/ST=NC/L=Charlotte/O=IBM/OU=DataPower/CN=swlinn.us.ibm.com",
                "name": "DirName"
              },
              {
                "value": "0C:C2:49:4F:FE:DE:77:A3",
                "name": "serial"
              }
            ]
          },
          {
            "critical": "false",
            "name": "keyUsage",
            "oid": "2.5.29.15",
            "isder": "false",
            "item": [
              {
                "name": "Digital Signature"
              },
              {
                "name": "Key Encipherment"
              },
              {
                "name": "Data Encipherment"
              },
              {
                "name": "Key Agreement"
              },
              {
                "name": "Certificate Sign"
              }
            ]
          }
        ]
      },
      "Base64": "removed for brevity"
    }
  }
}

Happy scripting!
Best Regards,
Steve Linn

------------------------------
Steve Linn
Senior Consulting I/T Specialist
IBM
------------------------------