IBM Power Ideas Portal


This portal is to open public enhancement requests against IBM Power Systems products, including IBM i. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).


Shape the future of IBM!

We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:

Search existing ideas

Start by searching and reviewing ideas and requests to enhance a product or service. Take a look at ideas others have posted, and add a comment, vote, or subscribe to updates on them if they matter to you. If you can't find what you are looking for,

Post your ideas

  1. Post an idea.

  2. Get feedback from the IBM team and other customers to refine your idea.

  3. Follow the idea through the IBM Ideas process.


Specific links you will want to bookmark for future use

Welcome to the IBM Ideas Portal (https://www.ibm.com/ideas) - Use this site to find out additional information and details about the IBM Ideas process and statuses.

IBM Unified Ideas Portal (https://ideas.ibm.com) - Use this site to view all of your ideas, create new ideas for any IBM product, or search for ideas across all of IBM.

ideasibm@us.ibm.com - Use this email to suggest enhancements to the Ideas process or request help from IBM for submitting your Ideas.

Add a new idea Subscribe
Status Submitted
Workspace IBM i
Categories Security
Created by Guest
Created on Jun 8, 2024

RELATED IDEAS

Include an "assigned" flag to DCM API to indicate if cert is assigned to an DCM application or not

There is an API that already exists that allows certificates stored in a DCM store be read and would include expiry date, which is useful. I am not sure what the API is called, but I know that TAATOOL provides a command (CVTCERT) that uses the IBM API and it allows the certificate details to be output to a file for convenience. It would be even more useful if the IBM API could include a flag to state whether the certificate is assigned to a DCM application or not. Or, include the name of the application that each cert is assigned to, if applicable and if not assigned, then show a blank. Use case is just after a certificate renewal, the old certificate will likely no longer be assigned, but admins may choose to keep it on the system for a period in case of need for roll back. We are trying to use the list to determine certificates that are close to expiry and send out an alert. But we don't want to include 'close to expiry' certs that are already renewed and therefore no longer assigned to an application.Adding such a flag would allow us to discern whether it's still in scope of alert or not

Thanks

Phil Howells

Australia

Idea priority High
  • Guest
    Reply
    |     Jun 19, 2024

    Thank you Carmelita and Guest for the responses.

    I will take a look at those links.

  • Admin
    Carmelita Ruvalcaba Cevallos
    Reply
    |     Jun 18, 2024

    The CAAC has reviewed this IBM Idea and recommends that IBM view this as a medium priority Idea that should be addressed.

    This will be extremely helpful for the IBM i community handling certificates, and we recommend this as a Db2 for I service and a command.

    Background: The COMMON Americas Advisory Council (CAAC) members have a broad range of experience in working with small and medium-sized IBM i customers. CAAC has a key role in working with IBM i development to help assess the value and impact of individual IBM Ideas on the broader IBM i community and has therefore reviewed your Idea.

    For more information about CAAC, see www.common.org/caac

    Carmelita Ruvalcaba - CAAC Program Manager

  • Guest
    Reply
    |     Jun 17, 2024

    The information you are seeking is available by making two calls to existing APIs.

    1. To retrieve the information about a certificate and when it is expiring is available by using API QycuRetrieveCertificateInformation. https://www.ibm.com/docs/en/i/7.4?topic=ssw_ibm_i_74/apis/qycurtvci.html

    2. To see which applications exist that contain the expiring certificate is available by calling API QycdRetrieveCertUsageInfo. https://www.ibm.com/docs/en/i/7.4?topic=ssw_ibm_i_74/apis/qycdrcui.html
    This API is intended to retrieve information about the application definitions but also contains a list of certificates that are assigned to the application definition in the receiver variable.


    Note that an SQL service is available for step 1: https://www.ibm.com/docs/en/i/7.4?topic=services-certificate-info-table-function

    The request for an SQL service for step 2 has been requested but has not been addressed yet.

  • Guest
    Reply
    |     Jun 13, 2024
    An SQL service to list certificate assignment for application would be handy.

By clicking the "Post Comment" or "Submit Idea" button, you are agreeing to the IBM Ideas Portal Terms of Use.
Do not place IBM confidential, company confidential, or personal information into any field.