Skip to Main Content
IBM Sterling


This portal is to open public enhancement requests for IBM Sterling products and services. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).


Shape the future of IBM!

We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:

Search existing ideas

Start by searching and reviewing ideas and requests to enhance a product or service. Take a look at ideas others have posted, and add a comment, vote, or subscribe to updates on them if they matter to you. If you can't find what you are looking for,

Post your ideas
  1. Post an idea.

  2. Get feedback from the IBM team and other customers to refine your idea.

  3. Follow the idea through the IBM Ideas process.


Specific links you will want to bookmark for future use

Welcome to the IBM Ideas Portal (https://www.ibm.com/ideas) - Use this site to find out additional information and details about the IBM Ideas process and statuses.

IBM Unified Ideas Portal (https://ideas.ibm.com) - Use this site to view all of your ideas, create new ideas for any IBM product, or search for ideas across all of IBM.

ideasibm@us.ibm.com - Use this email to suggest enhancements to the Ideas process or request help from IBM for submitting your Ideas.

Status Functionality already exists
Categories Security
Created by Guest
Created on May 18, 2021

Control Center Certificate Expiration Warning Notification

The Certificate Expiration warning rule that comes with Control Center produces a warning if a Connect Direct Secure Plus certificate is going to expire within 60 days. However, there is no known notification for Control Center's certificate which can be used with other servers to provide a secure connection. For example, I have a self-signed certificate that I created for Control Center. The certificate expires in June, but I did not receive any notification from Control Center. The only way I knew is that our trusted certificate is installed on some of our B2B Integrator servers for a secure connection with Control Center. The B2B servers have an email setup which sends an email to our shared inbox showing which certificates are about to expire. In that email, the Control Center certificate was identified. We need Control Center to alert us on this as well.

What is your industry? Non-Industry Specific
How will this idea be used?

The Certificate Expiration warning rule that comes with Control Center produces a warning if a Connect Direct Secure Plus certificate is going to expire within 60 days. However, there is no known notification for Control Center's certificate which can be used with other servers to provide a secure connection. For example, I have a self-signed certificate that I created for Control Center. The certificate expires in June, but I did not receive any notification from Control Center. The only way I knew is that our trusted certificate is installed on some of our B2B Integrator servers for a secure connection with Control Center. The B2B servers have an email setup which sends an email to our shared inbox showing which certificates are about to expire. In that email, the Control Center certificate was identified. We need Control Center to alert us on this as well.

  • Admin
    Mike Lamb
    Reply
    |
    Aug 3, 2023

    Brian,


    Control Center can now get an expiration warning alert for its certificate however the number of days ahead of time to get the warning alert is not configurable.


    Thanks,

    Mike Lamb

    Senior Product Manager, Sterling Control Center

    3 replies
  • Guest
    Reply
    |
    Jul 31, 2023

    Vijay, I'm not talking about key or trusted certificates for Connect Direct Secure Plus, I'm talking about the key and trusted certificates that are in the key and/or trust stores for Control Center itself.

  • Guest
    Reply
    |
    Mar 22, 2023

    Vijay, I am talking about certificates in Control Center's own certificate database(s).

  • Admin
    VIJAY CHOUGULE
    Reply
    |
    Jul 9, 2021

    This can be achieved by writing rules to watch for below events/message Ids:

    • CCTR143I - for expired certs

    • CCTR144I - for certs soon to expire

    • CCTR145I - for certs not yet valid

    Control Center Monitor checks all the certificates in its key and trust stores, and generate the above events that contains the names of problematic certificates.

    In 6.1.3 these events are generated during start-up however starting 6.2, that certificate check is also done on a reoccurring basis (every 24 hours) after ICC has started. That way if you leave ICC 6.2 up long enough, and one of its certificates is about to expire, that wasn’t at startup, with 6.2, you can find out about that as well.

  • Admin
    VIJAY CHOUGULE
    Reply
    |
    Jun 2, 2021

    Thank you for taking the time to provide your ideas to IBM. We truly value our relationship with you and appreciate your willingness to share details about your experience, your recommendations, and ideas.

    We will shortly be reviewing this request internally and get back on the feasibility to implement this in near future. Appreciate your patience.