show_expiring_certificates

12.1 and later This API command shows all the certificates that expire on the system within the specified expiration threshold.

REST API syntax

This API is available as a REST service with the GET method. Call this API as follows:
GET https://[Guardium hostname or IP address]:8443/restAPI/show_expiring_certificates

GuardAPI syntax

show_expiring_certificates parameter=value

Parameters

Parameter Value type Description
expirationThreshold Integer Required. The value must be greater than or equal to 1.

Example

The following command shows all the certificates that expire on the system within 40 days.

grdapi show_expiring_certificates expirationThreshold=40

Sample response:

The following example shows a sample output of an expiring certificate from keystore.

[
{
  "file_name": "/opt/IBM/Guardium/tomcat/.keystore",   
  "file_type": "KEYSTORE",
  "certs": [
   {       
       "expiration_date": "Sun Nov 09 19:00:00 EST 2031",
       "subject_cn": "DigiCert Global Root CA",
       "serial_number": XXXXXXXXXXXXXXXXXXXXXXX4346,
       "alias": "digicertglobalrootca",
       "fingerprint": "43:48:A0:E9:44:4C:78:CB:26:5E:05:8D:5E:89:44:B4:D8:4F:96:62:BD:26:DB:25:7F:89:34:A4:43:C7:01:61"     
   }
   ]
}
]

The following example shows a sample output of an expiring certificate from a PEM file.

[
{
  "file_name": "/opt/IBM/Guardium/etc/pki/certs/system.cert.pem",
  "file_type": "PEM",
  "certs": [
   {       
       "expiration_date": "Sun Mar 02 19:00:00 EST 2025",
       "subject_cn": "Guardium",
       "serial_number": 4,
       "fingerprint": "CC:D4:B1:A5:FA:DB:E8:69:27:22:E5:23:AB:3B:29:37:B0:90:27:5E:34:1A:60:EF:84:40:CA:BD:21:D7:6D:5C"     
   }
  ]
}
]