IBM Sterling
This portal is to open public enhancement requests for IBM Sterling products and services. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).
Shape the future of IBM!
We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:
Search existing ideas
Start by searching and reviewing ideas and requests to enhance a product or service. Take a look at ideas others have posted, and add a comment, vote, or subscribe to updates on them if they matter to you. If you can't find what you are looking for,
Post your ideas
Post an idea.
Get feedback from the IBM team and other customers to refine your idea.
Follow the idea through the IBM Ideas process.
Specific links you will want to bookmark for future use
Welcome to the IBM Ideas Portal (https://www.ibm.com/ideas) - Use this site to find out additional information and details about the IBM Ideas process and statuses.
IBM Unified Ideas Portal (https://ideas.ibm.com) - Use this site to view all of your ideas, create new ideas for any IBM product, or search for ideas across all of IBM.
ideasibm@us.ibm.com - Use this email to suggest enhancements to the Ideas process or request help from IBM for submitting your Ideas.
Hi Brian,
There are couple of ways one can get the list of certificates used in SSP.
1. Using user’s own client like POST man or a java client. Following is a link to documentation on the REST API to list all certificates from a keystore. You may have to do this for each keystore if we have multiple keystores.
https://www.ibm.com/docs/en/secure-proxy/6.0.0?topic=api-get-keystore <- doc to get info on all certificates in a keystore (GET Keystore)
https://www.ibm.com/docs/en/secure-proxy/6.0.0?topic=api-get-all-keystores <- doc to get list of keystores in CM (Get All Keystores)
2. Run <CM Install dir>/bin/sspRestAPI.sh/bat -f props=sspRestAPI.properties
You need to uncomment line to export keystores like the line below in the sspRestAPI.properties file
#command.801=export entity=keystore workDir=c:/data/results name=keystoresExport
Also make sure the connection info is updated like the CM host, port, userid, etc. which are at the beginning of the above properties file.
In the exported XML file there will be validTo and validFrom xml tags for each certificate which will provide you with expiry date of certificates.
3. <SSP CM install dir>/bin/listCmCerts.sh/bat will list all certs in the config including the certificate validation periods.
SEAS side, currently the certificates are stored along with SSL config, instead of independent keystore objects. We have an enhancement to change this.
<seas install dir>/bin/listCerts.sh tool will list certificates in the default ssl info configuration object. Currently this will not be able list all certificates in SEAS.
Thank You,
Product Management - Secure Proxy
Hi Vijay,
Thanks for the response. i was looking for a way to produce a dumpinfo report from SSPCM.
What is the process to use Rest APIs to export the XML with Cert info?
Thanks,
Brian
Thank you for taking the time to provide your ideas to IBM. We appreciate your willingness to share details about your experience and your recommendations. This will be addressed in one of the future releases via integration with IBM Sterling Control Center Monitor.
Meanwhile, it might be possible to use Rest APIs to export the XML with Cert info.
Thank You,
Product Management
It may be easier to report all of the sspcm configs, and we can search the certificate we are renewing.