cancel
Showing results for 
Search instead for 
Did you mean: 

How to tell which strust certificates are used?

former_member197700
Participant
0 Kudos
5,823

Hi Gurus,  In strust / strustsso2, there are a lot of SSL certificates imported by someone who has left the company.  How can I tell which of these certificates are in use and which can be deleted?

Warm Regards, CM

Accepted Solutions (0)

Answers (2)

Answers (2)

former_member80258
Participant
0 Kudos

Hi Clifton

You can go to ST11 transaction and find dev_icm log, that you'll find the certificates are using.

Regards

former_member197700
Participant
0 Kudos

dev_icm shows which URLs are being access, but not which certificates are being used.

I want to delete a lot of SSL Server certificates because I think they are not used anymore and we don't want to pay for them, but how can I be sure?

cris_hansen
Advisor
Advisor
0 Kudos

Hi Clifton,

You can use ICM trace level 3 to know the certificates being used.

Or you can use a network sniffer, e.g. WireShark, to look the certificates.

Kind regards,

Cris

former_member185954
Active Contributor
0 Kudos

Hello Clifton,

Why do you wish to delete them? delete them only if they have expired.

Regards,

Siddhesh

former_member197700
Participant
0 Kudos

Same question a different way:  How can I tell which of these certificates are in use and need to be renewed?

cris_hansen
Advisor
Advisor
0 Kudos

Hi Clifton,

In STRUST, SSL server Standard PSE, you have two categories to look:

a) "Own Certificate" section: this certificate is the one used to end users reach your server using HTTPS. This certificate needs to be renewed, otherwise a web browser will issue a warning, telling that the certificate is expired (or no longer valid). Usually CAs sign a certificate for 1 or 2 years, so this is a periodic maintenance task.

b) "Certificate List" section: it is the PKlist, certificates that should be trusted by your server. Usually for the SSL _server_ Standard PSE this list is not too long (it is common to have no certificates at all in the list).

I hope this helps.

Kind regards,

Cris