Thanks Robert, right now i install on customer IBMi the QGMTOOLS and test into the PRTSTORE command .
Into the results TXT i can find the query like this :
*SYSTEM Store Certificates expired or set to expire in 0 days
--------------------------------------------------------------------------------
SELECT * FROM TABLE(QSYS2.CERTIFICATE_INFO(CERTIFICATE_STORE_PASSWORD=> 'xxxxxxxxxxxxxxxx')) WHERE VALIDITY_END < CURRENT DATE + 0 DAYS
*SYSTEM Store Certificates EXPIRING in 30 days
--------------------------------------------------------------------------------
SELECT * FROM TABLE(QSYS2.CERTIFICATE_INFO(CERTIFICATE_STORE_PASSWORD=> 'xxxxxxxxxxxxxxxx')) WHERE VALIDITY_END BETWEEN CURRENT DATE AND CURRENT DATE + 30 DAYS
--------------------------------------------------------------------------------
SELECT * FROM TABLE(QSYS2.CERTIFICATE_INFO(CERTIFICATE_STORE_PASSWORD => <PASSWORDnotListed>))
Thanks for your documentation and i'll expand the QMGTOOLS query with other info i need from DCM.
Have a good day.
------------------------------
Luca Maurizio Verzicco
IBMi Service and PreSales Manager
S2E - Solution to Enterprise
Milano - Italy
+39 380 6570039
------------------------------
Original Message:
Sent: Thu February 13, 2025 09:05 AM
From: Robert Berendt
Subject: Check TLS/SSL expiration date in IBMi without DCM
Navigator will have an option Security, IBM Digital Security Manager. Once you open the *SYSTEM you can see it there.
If you want to program for this, check out https://www.ibm.com/docs/en/i/7.5?topic=services-certificate-info-table-function
If you're not finding it on your system check out versions and ptf levels needed for it at https://www.ibm.com/support/pages/ibm-i-services-sql Oh crap, they don't have CERTIFICATE_INFO on that last site yet. Oh Scott....
------------------------------
Robert Berendt IBMChampion
Business Systems Analyst, Lead
Dekko
Fort Wayne
Original Message:
Sent: Thu February 13, 2025 08:51 AM
From: Luca Maurizio Verzicco
Subject: Check TLS/SSL expiration date in IBMi without DCM
Hi, we have to check the status and validity of the TLS / SSL CA and Server certificates every week.Is there a way to get this kind of information from a program or QSYS2 query... easy, fast and valuable?I'm investigating how to control DCM via iNavigator or figure out how to use external tools like QMGTools to retrieve certificates... Any ideas? .. I know that there are some monitors on the market (Kisco for example) that do this and they can be a solution to solve my problem.Not just to know... if there should be a QSYS2 or internal audit to be done. Thank you .
------------------------------
Luca Maurizio Verzicco
IBMi Service and PreSales Manager
S2E - Solution to Enterprise
Milano - Italy
+39 380 6570039
------------------------------