Hi,

I need to develop a service(Flow or JAVA) that can list all the expired/expiring Client certificates.
Please suggest if anyone has worked for such requirement.

Thanks in advance.

Looks a good requirement to me, to start off explore - WmRoot/wm.server.security.certificate

I will come with more information, can you share a sample client certificate for me to test this requirement.

Thanks for the prompt reply. Though i am not much aware of the ‘certificate thing’, but i have created a service using some services from WmRoot Package, here are the details:

INVOKE wm.server.security.keystore:listTrustStoreAliases
LOOP over ‘/trustStoreAliasNames’
INVOKE pub.security.keystore:getTrustedCertificates
LOOP over ‘/certificates’
INVOKE wm.server.security.certificate:getCertificateInfo
and then append the data to a document list.

But here we have one problem, we want to only check for the certificates listed in:

Security > Certificates > Configure Client Certificates

where as the service is giving me all the certificate aliases from trust store:

Can be seen here : Security > Keystore > View Truststore Alias

Please suggest.

Its pretty simple and straight forward. I was expecting a sample client certificate from you but anyways I created one myself.

Use the below two services to get the client certificate information that is currently installed on your IS. I tested in v8 the same should work in v9 and above

Use wm.server.security.certificate:listMappings to list the installed client certificates on IS

Pass issuer, serialNum to wm.server.security.certificate:getDetailedInfo. This will list out all the details that you need.

Contact me for further assistance or questions.

Thanks Mahesh, it worked.