IBM i Global

  • 1.  IBM i DCM - Last Use Timestamp for each certificate

    Posted Mon September 18, 2023 01:29 AM

    I have submitted a proposal for an enhancement to IBM i DCM to add a Last Use Timestamp (and Use Count) to every certificate in the store to help system admins with housekeeping decisions. For those who also need this proposed idea, please help cast your votes for my proposal here: https://ideas.ibm.com/ideas/IBMI-I-3786

    Thanks.



    ------------------------------
    Chance favors only the prepared mind.
    -- Louis Pasteur
    ------------------------------
    Satid S.
    ------------------------------


  • 2.  RE: IBM i DCM - Last Use Timestamp for each certificate

    Posted Tue September 19, 2023 01:42 AM
    Edited by Jozsef Torok Tue September 19, 2023 01:46 AM

    Hi Satid, 

    I like the idea, and have voted. 

    By coincidence I have very recently been doing quite a bit of certificate work that led to running an audit of TLS connections that includes a running count of TLS connections. This is via the SST Advanced Analysis command TLSCONFIG, and setting the required options in the QAUDLVL system value.

    Also came up with a process where we can identify the certificate used by a specific TLS connection using the TRCCNN command and analysing the output using Wireshark. This was more a case of being curious that, after a certificate change, the subsequent TLS connections were using the correct (new) certificate.

    If this is something you may be interested in I can send more details later.

    Regards,

    Jozsef. 
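
Added example, not part of the post above and not IBM tooling: once the server Certificate message has been pulled out of a trace (the thread uses TRCCNN and Wireshark for that step), the tally below derives a use count and last-seen time per certificate, the two values the enhancement request asks DCM to keep. It assumes a plaintext TLS 1.0-1.2 Certificate message carried whole in one record (TLS 1.3 encrypts that message); the function names and sample bytes are constructed for illustration.

```python
import hashlib
from datetime import datetime

def leaf_cert_from_record(record):
    """First (end-entity) certificate DER in a plaintext TLS 1.0-1.2 handshake record, else None."""
    if len(record) < 5 or record[0] != 22:               # 22 = handshake content type
        return None
    body = record[5:5 + int.from_bytes(record[3:5], "big")]
    pos = 0
    while pos + 4 <= len(body):                           # several messages may share a record
        msg_len = int.from_bytes(body[pos + 1:pos + 4], "big")
        msg = body[pos + 4:pos + 4 + msg_len]
        if body[pos] == 11 and len(msg) == msg_len >= 6:  # 11 = Certificate, not truncated
            list_len = int.from_bytes(msg[0:3], "big")    # length of the whole chain
            cert_len = int.from_bytes(msg[3:6], "big")    # length of the first entry
            if 0 < cert_len <= min(list_len - 3, msg_len - 6):
                return msg[6:6 + cert_len]
        pos += 4 + msg_len
    return None

def fingerprint(cert):
    return hashlib.sha256(cert).hexdigest()

def last_use_by_cert(observations):
    """Map SHA-256 fingerprint -> (use count, last seen) over (ISO time, record) pairs."""
    seen = {}
    for ts, record in observations:
        cert = leaf_cert_from_record(record)
        if cert is None:
            continue
        fp, when = fingerprint(cert), datetime.fromisoformat(ts)
        count, last = seen.get(fp, (0, when))
        seen[fp] = (count + 1, max(last, when))
    return seen

def build_record(*certs):
    """Constructed TLS 1.2 record holding one Certificate message (sample data only)."""
    entries = b"".join(len(c).to_bytes(3, "big") + c for c in certs)
    msg = len(entries).to_bytes(3, "big") + entries
    hs = b"\x0b" + len(msg).to_bytes(3, "big") + msg
    return b"\x16\x03\x03" + len(hs).to_bytes(2, "big") + hs

# Constructed placeholder bytes and times, not real certificates or captured traffic.
OLD_CERT, NEW_CERT, CA = b"constructed-old-cert", b"constructed-new-cert", b"constructed-ca"
SAMPLE = [("2023-09-18T09:00:00", build_record(OLD_CERT, CA)),
          ("2023-09-19T10:30:00", build_record(NEW_CERT, CA)),
          ("2023-09-19T11:45:00", build_record(NEW_CERT, CA)),
          ("2023-09-19T12:00:00", b"\x17\x03\x03\x00\x02hi")]  # application data, skipped
```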





  • 3.  RE: IBM i DCM - Last Use Timestamp for each certificate

    Posted Tue September 19, 2023 10:50 PM

    Dear Jozsef

    >>>>> Also came up with a process where we can identify the certificate used by a specific TLS connection using the TRCCNN command and analysing the output using Wireshark. <<<<<

    I'm interested in learning how to do this.  Please help post the information when you have free time. 

    Thanks. 



    ------------------------------
    Chance favors only the prepared mind.
    -- Louis Pasteur
    ------------------------------
    Satid S.
    ------------------------------



  • 4.  RE: IBM i DCM - Last Use Timestamp for each certificate

    Posted Wed September 20, 2023 05:19 AM

    To help look into certs, maybe the code mentioned here would help:
    3 CL Commands to Manage Digital Certificates – Articles on Apis (wordpress.com)

    I've also used some of the ssl commands available in the IBM i open source RPMs.

    Google can help find the syntax for those commands.



    ------------------------------
    Bryan Dietz
    ------------------------------



  • 5.  RE: IBM i DCM - Last Use Timestamp for each certificate

    Posted Wed September 20, 2023 07:39 AM

    See also:  https://www.ibm.com/support/pages/how-determine-ssltls-protocol-and-cipher-suite-used-each-active-system-tls-connection-ibm-i



    ------------------------------
    Robert Berendt IBMChampion
    ------------------------------