Purpose
SSF_ALERT_CERTEXPIRE is a dialog report to check the validity period ofcertificates. The task of this report is to provide warnings in goodtime before the expiry of the validity of installed certificates. Thewarnings can be provided in a variety of ways.
You can also schedule this report as a daily background job as areplacement for the AutoABAP report SSFALRTEXP. To use this report as areplacement, you must specify this in the selections, and set the starttime to before 3 am.
By default, the report provides warnings using system log messages andby forwarding these to CCMS alert monitors. In especially critical cases- expiry within the next two working days - the report also provides awarning by informing all users. You can specify the interval betweenexpiry and the start of the warnings. By adjusting and assigningauto-reaction methods within the monitoring architecture, you can alsoforward alerts (for more information, see the documentation fortransaction RZ21).
In addition, warnings are supported through the new Central AlertFramework (see the documentation for transaction ALRTCATDEF).
All alert variants can be tested separately without the need for thecorresponding certificates to exist.

Selection

Scope of the Checks
Number of Days Until Expiry,,
Specifies the number of days for which a certificate must still be valid
, before warnings are generated. The default value is 30.
Replacement for AutoABAP,,,,
Select this if this report is to be used instead of the AutoABAP variantSSFCERTEXP. This report must also be started daily before 3 am.
Check Certificate List,,,,
In addition to your own certificates, the report can also check allimported certificates that are administered in the certificate list. Theexpiry of one of these certificates is less critical.
Check the PSEs,,,,,,
Activates the checking of all Personal Security Environments (PSE). Inthis case, the report checks that the security product is correctlyinstalled and that the certificates in the database and the file systemmatch.
SSL Servers of All Servers,,
Activates the checking of all SSL server certificates. Each server hasits own individual SSL certificates. The check is performed usinginternal RFC communication.
Generate Warnings,,,,
Specifies whether warnings should be generated.

Generate Warnings Using Alert Framework (Subscription)
Warn Using Int. Communication,,
With this variant, the users that have subscribed to the alert categorySECSSFCERTEXPIRE are warned.

Generate Warnings Using Alert Framework (Recipients Explicitly Specified
)
Warn Using Recipient List,,
With this variant, the users to be informed are specified directly.
Names of Users to Be Warned,,
List of users to be informed.

Generate Warnings Using Alert Framework (External Communication)
Warn Using Ext. Communication,,
With this variant, the report informs users using external communicationmethods (Internet Mail, telephone, fax, pager, and so on).
External Address,,,,,,
Specification of the address, such as an e-mail address or telephonenumber
Communication Type,,,,,,
Type of communication (in accordance with SAPOffice)

Special Functions
Test Warnings
You can use this function to test the various methods of creatingwarnings without requiring the corresponding certificates to exist withonly a short validity period. In this way, you can ensure that thedesired warnings would actually be created in a real case. The value inthe Number of Days Until Expiry input field is then interpretedas the number of days for which a fictitious test certificate is stillvalid.
Lock AutoABAP
You can use the "Lock AutoABAP" function to completely deactivate theautomatic running of the AutoABAP SSFALRTEXP, and can, if required, alsounlock (activate) it again. The icons on the function button show thecurrent status (locked/unlocked)

Output
The report generates an overview of the installed certificates thatcontains the following information:

• Own certificates by use


• Associated certificate list (optional)


• Result of the PSE check (optional)


• SSL Server certificates (optional)



Important Note
If problems occur with the PSEs during the check, then the output listcontains only general error messages. To analyze these problems in moredetail, use the Trust Manager (transaction STRUST). This provides moredetailed information about the cause of the problems and how you cancorrect them.
If servers are incorrectly configured, the results can vary, dependingon which server the report is started on.