Manage user certificates by expiration

Digital Certificate Manager (DCM) provides certificate expiration management support to allow administrators to check the expiration dates of user certificates on the local iSeries™ system. DCM user certificate expiration management support can be used in conjunction with Enterprise Identity Mapping (EIM) so that administrators can use DCM to check user certificate expiration at the enterprise level.

To take advantage of expiration management support for user certificates at the enterprise level, EIM must be configured in the enterprise and EIM must contain the appropriate mapping information for user certificates. To check the expiration of user certificates other than those associated with your own user profile, you must have *ALLOBJ and *SECADM special authorities.

Using DCM to view certificates based on their expiration allows you to determine quickly and easily which certificates are close to expiring so that certificates can be renewed in a timely fashion.

To view and manage user certificates based on their expiration dates, follow these steps:

  1. Start DCM.
    Note: If you have questions about how to complete a specific form while using DCM, select the question mark (?) at the top of the page to access the online help.
  2. In the navigation frame, select Manage User Certificates to display a list of tasks.
    Note: If you are currently working with a certificate store, select Manage Certificates to display a list of tasks, then select Check expiration, and select User.
  3. If your user profile has *ALLOBJ and *SECADM special authorities, you can select a method for choosing which user certificates to view and manage based on their expiration dates. (If your user profile does not have these special authorities, DCM prompts you to specify the expiration date range as described in the next step.) You can select one of the following:
    • User profile to view and manage user certificates that are assigned to a specific i5/OS™ user profile. Specify a User profile name and click Continue.
      Note: You can specify a user profile other than your own user profile only if you have *ALLOBJ and *SECADM special authorities.
    • All user certificates to view and to manage user certificates for all user identities.
  4. In the Expiration date range in days (1-365) field, enter the number of days for which to view user certificates based on their expiration date and click Continue. DCM displays all user certificates for the specified user profile that expire between today's date and the date that matches the number of specified days. DCM also displays all user certificates that have expiration dates before today's date.
  5. Select a user certificate to manage. You can choose to view certificate information details or remove the certificate from the associated user identity.
  6. When you finish working with certificates from the list, click Cancel to exit the task.
Parent topic: Manage user certificates
Related tasks
Digital certificates and Enterprise Identity Mapping (EIM)
Related information
EIM Information Center Overview