Tool

(View Disclaimer)

• PKI Certificate Expiry Reporter Overview (pdf)

1. This utility requires an LDIF file as input.
   Providing a GUI utility which caters for all environments takes more development effort and is frankly unjustified considering there are already many tools available for collecting the required certificate data.
2. The LDIF file must contain objects of class "nDSPKIKeyMaterial" and attributes per object called "NDSPKIPublicKeyCertificate" (base64 encoded) AND "hostServer". (When an attribute name appears with "::" after it, then it is base64 encoded.)
3. Using a valid LDIF file as input, the PKI Key expiry date for each of the certificate objects will be extracted and reported.
4. The total number of years, months and days (independent of each other), remaining before expiry is calculated.
5. The results are written to a text report as well as a CSV (comma delimited file) in the format:
   Object Name , Context, Date Trusted Root Expires, Date Public Key Expires, Total Years Until PK Expires, Total Months Until PK Expires, Days Until PK Expires
6. A DOS batch file is provided to collection of the LDIF data uing ice.exe, called "Export-PKData.bat". Copy this file from the installation directory, into the directory where the ice.exe resides, e.g. "C:\novell\consoleone\1.2\bin".
   Execute the batch file to see a list of the command line parameters required.
   Using ICE/ldapsearch/iManager/ConsoleOne, export the certificate data for all objects of class nDSPKIKeyMaterial along with the attributes NDSPKIPublicKeyCertificate and hostServer.
7. If a non-eDirectory LDIF file is used, then it must only contain ONE class / object type, the objects which hold the NDSPKIPublicKeyCertificate or equivalent attribute. Use the Attribute Mapping feature to associate the attribute to the public key certificate

Disclaimer: As with everything else at Cool Solutions, this content is definitely not supported by Novell (so don't even think of calling Support if you try something and it blows up).

It was contributed by a community member and is published "as is." It seems to have worked for at least one person, and might work for you. But please be sure to test, test, test before you do anything drastic with it.