Novell Home

PKI Certificate Expiry Reporter

Novell Cool Solutions: Cool Tool

Rate This Page

Reader Rating  stars  from 2 ratings

Digg This - Slashdot This

In Brief

This utility simply reports the certificate expiry date, it does not validate certificates.ident

Vitals

Product Categories:
  • eDirectory
    • Functional Categories:
  • Identity & Security Management
    • Posted:6 Aug 2007
    File Size:1.43MB
    License:Free
    Download:/coolsolutions/tools/downloads/LDIFCertReporter.zip
    Publisher:Lionel Bartlett

    Disclaimer

    Please read the note from our friends in legal before using this file.


    Details

    1. This utility requires an LDIF file as input.
      Providing a GUI utility which caters for all environments takes more development effort and is frankly unjustified considering there are already many tools available for collecting the required certificate data.

    2. The LDIF file must contain objects of class "nDSPKIKeyMaterial" and attributes per object called "NDSPKIPublicKeyCertificate" (base64 encoded) AND "hostServer". (When an attribute name appears with "::" after it, then it is base64 encoded.)

    3. Using a valid LDIF file as input, the PKI Key expiry date for each of the certificate objects will be extracted and reported.

    4. The total number of years, months and days (independent of each other), remaining before expiry is calculated.

    5. The results are written to a text report as well as a CSV (comma delimited file) in the format:
      Object Name , Context, Date Trusted Root Expires, Date Public Key Expires, Total Years Until PK Expires, Total Months Until PK Expires, Days Until PK Expires

    6. A DOS batch file is provided to collection of the LDIF data uing ice.exe, called "Export-PKData.bat". Copy this file from the installation directory, into the directory where the ice.exe resides, e.g. "C:\novell\consoleone\1.2\bin".
      Execute the batch file to see a list of the command line parameters required.
      Using ICE/ldapsearch/iManager/ConsoleOne, export the certificate data for all objects of class nDSPKIKeyMaterial along with the attributes NDSPKIPublicKeyCertificate and hostServer.

    7. If a non-eDirectory LDIF file is used, then it must only contain ONE class / object type, the objects which hold the NDSPKIPublicKeyCertificate or equivalent attribute. Use the Attribute Mapping feature to associate the attribute to the public key certificate

    Copyright Novell AU Pty Ltd
    This utility is provided without warranty or claims.
    If you're not happy with it, keep searching.... the perfect tool might be out there.

    Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com

    Reader Comments

    • worth its weight in gold, is all I can say! thank you, Lionel Bartlett!

    Novell® Making IT Work As One

    © 2008 Novell, Inc. All Rights Reserved.