A close-enough idea is probably to check if they're connected to any keyrings.
Alternatively, depending on whether TLS inspection is setup in your site, the device doing the proxying might keep signatures/fingerprint of certs it has seen so far. I may not be explaining this right, but it is likely to be there in the TLS inspection service's logs, depending on what's being logged & teh retention. - KB ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ On Friday, February 19, 2021 4:32 AM, Charles Mills <[email protected]> wrote: > You could check the expiration. If they are expired they are pretty much > defunct. Of course, that is mostly for endpoint certificates. CA > certificates tend to be good for 20-30 years. > > Charles > > -----Original Message----- > From: IBM Mainframe Discussion List [mailto:[email protected]] On > Behalf Of Frank Swarbrick > Sent: Thursday, February 18, 2021 11:16 AM > To: [email protected] > Subject: RACF certificate usage > > Does RACF keep track of the last time a certificate was "used"? If so, how > can we get this information? We have a "lot" of certificates that I have a > feeling are no longer used, and perhaps were never used, and it would be > useful to know this information to know if they can be removed. > > ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- > > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] with the message: INFO IBM-MAIN > > --------------------------------------------------------------------------------------------------------------------------------------- > > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
