Skip to Content
avatar image
Former Member

SSL Certificate Validity expire and Advanced Alerting Method

We have PI 7.11 setup integrated with ~50+ SAP and non-SAP systems (all systems are in our Network only) using SSL based authentication.

But we do not have mechanism in place to alert if any of this integrated systemu2019s certificate validity gets expire. But YES we have a mechanism wherein the requester/indenter of the Certificate gets notification but for some reason if the requester/indenter doesn't respond to renewal the certificate then it impacts Production Environments. So we are looking for method that helps us (PI Core Team) in getting prior alert based on itu2019s validity expire so that we will take the responsibility of following up with the actual certificate owner/Team to get the certificate renewal. Since, all these certificates are imported/implemented into PI u2013 NWA tool, wondering if we have any alerting mechanism to meet with this requirement.

Appreciate your suggestions.

Regards

Sekhar

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

1 Answer

  • avatar image
    Former Member
    Feb 24, 2010 at 04:29 PM

    Any suggestions on this thread!

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member

      We had the same requirement.

      We could not find any alert mechanism to check for certificates on Key Storage.

      As a work around we used a report on ABAP stack.

      We manually added all the certificates (that are being maintained in Key Storage) to TRUST MANAGER (ABAP txn: STRUST) on ABAP stack.

      Added the interested parties to the recipient list of the Alert Category SECSSFCERTEXPIRE (ABAP txn: ALRTCATDEF)

      Scheduled a daily job to run the report SSF_ALERT_CERTEXPIRE to check the certificates that are about to expire in 30 days.

      The job triggers an alert when there is a certificate that is about to expire. We check the job pool to determine the certificate.

      Every time we add a certificate to Key Storage, we also add it to TRUST MANAGER.

      regards,

      AKD