show_expiring_certificates
12.1 and later This API command shows all the certificates that expire on the system within the specified expiration threshold.
REST API syntax
This API is available as a REST service with the
GET
method. Call this API as
follows:
GET https://[Guardium hostname or IP address]:8443/restAPI/show_expiring_certificates
GuardAPI syntax
show_expiring_certificates parameter=value
Parameters
Parameter | Value type | Description |
---|---|---|
expirationThreshold | Integer | Required. The value must be greater than or equal to 1. |
Example
The following command shows all the certificates that expire on the system within 40 days.
grdapi show_expiring_certificates expirationThreshold=40
Sample response:
The following example shows a sample output of an expiring certificate from keystore.
[
{
"file_name": "/opt/IBM/Guardium/tomcat/.keystore",
"file_type": "KEYSTORE",
"certs": [
{
"expiration_date": "Sun Nov 09 19:00:00 EST 2031",
"subject_cn": "DigiCert Global Root CA",
"serial_number": XXXXXXXXXXXXXXXXXXXXXXX4346,
"alias": "digicertglobalrootca",
"fingerprint": "43:48:A0:E9:44:4C:78:CB:26:5E:05:8D:5E:89:44:B4:D8:4F:96:62:BD:26:DB:25:7F:89:34:A4:43:C7:01:61"
}
]
}
]
The following example shows a sample output of an expiring certificate from a PEM file.
[
{
"file_name": "/opt/IBM/Guardium/etc/pki/certs/system.cert.pem",
"file_type": "PEM",
"certs": [
{
"expiration_date": "Sun Mar 02 19:00:00 EST 2025",
"subject_cn": "Guardium",
"serial_number": 4,
"fingerprint": "CC:D4:B1:A5:FA:DB:E8:69:27:22:E5:23:AB:3B:29:37:B0:90:27:5E:34:1A:60:EF:84:40:CA:BD:21:D7:6D:5C"
}
]
}
]