📋 chkcert — SQMJOKERSIM.p12

Generated: 2026-06-02 18:20 UTC | Host: check-certificat | Source: C:\Tools\certificate\p12\SQMJOKERSIM.p12 | 7 certificate(s) 📅 ref 2026-06-02

Certificates

#	Label / Alias	Subject	Issuer	Serial	Key	Signature Algorithm	CA	Key Usage	Extended Key Usage	Subject Alternative Name	Basic Constraints
1	sectigo_1	CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB	CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB	`1`	2048-bit RSA	sha1WithRSA	CA	KeyCertSign CrlSign	none	none	present CA: True
2	sectigo_2	CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US	CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB	`3972443af922b751d7d36c10dd313595`	4096-bit RSA	sha384WithRSA	CA	DigitalSignature KeyCertSign CrlSign	none	none	present CA: True
3	sectigo_3	CN=Sectigo RSA Organization Validation Secure Server CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB	CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US	`137d539caa7c31a9a433701968847a8d`	2048-bit RSA	sha384WithRSA	CA	DigitalSignature KeyCertSign CrlSign	serverAuth clientAuth	none	present CA: True PathLength: 0
4	sg_unipass_root_ca_2016	CN=SG UniPass Root CA 2016,O=GROUPE SOCIETE GENERALE	CN=SG UniPass Root CA 2016,O=GROUPE SOCIETE GENERALE	`1`	4096-bit RSA	sha256WithRSA	CA	KeyCertSign CrlSign	none	none	present CA: True
5	sg_unipass_server_authentication_2016_ca	CN=SG UniPass Server Authentication 2016 CA,O=GROUPE SOCIETE GENERALE	CN=SG UniPass Root CA 2016,O=GROUPE SOCIETE GENERALE	`7`	4096-bit RSA	sha256WithRSA	CA	KeyCertSign CrlSign	none	none	present CA: True PathLength: 0
6	ibmwebspheremqsqmjokersim	CN=sqmjokersim.pbgate.net,O=Credit Agricole SA,ST=Île-de-France,C=FR	CN=Sectigo RSA Organization Validation Secure Server CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB	`d73f3ea526d44c569d7ebf2e3cd94984`	2048-bit RSA	sha256WithRSA	Leaf	DigitalSignature KeyEncipherment	serverAuth clientAuth	DNS sqmjokersim.pbgate.net	present CA: False
7	ibmwebspheremqsqmjokersim_new	CN=sqmjokersim.pbgate.net,O=Credit Agricole SA,ST=Île-de-France,C=FR	CN=sqmjokersim.pbgate.net,O=Credit Agricole SA,ST=Île-de-France,C=FR	`e3448d737463b065`	2048-bit RSA	sha256WithRSA	None	none	none	none	absent

🔧 Remediation actions (4)

Priority	Category	Alias	Serial	Issue	Action	Command
P1 CRITICAL	EXPIRY	ibmwebspheremqsqmjokersim	`d73f3ea526d44c569d7ebf2e3cd94984`	❌ Error: Certificate 6 Alias ibmwebspheremqsqmjokersim Serial d73f3ea526d44c569d7ebf2e3cd94984 expired 969 days, 18 hours, 20 minutes ago.	Renew the certificate immediately.	`keytool -genkeypair -keystore "C:\Tools\certificate\p12\SQMJOKERSIM.p12" -alias "ibmwebspheremqsqmjokersim_new" -keyalg RSA -keysize 4096 -sigalg SHA256withRSA -dname "CN=sqmjokersim.pbgate.net, O=Credit Agricole SA, ST=Île-de-France, C=FR" -validity 365 keytool -certreq -keystore "C:\Tools\certificate\p12\SQMJOKERSIM.p12" -alias "ibmwebspheremqsqmjokersim_new" -file "sqmjokersim.pbgate.net.csr"`
P1 CRITICAL	SELF_SIGNED	ibmwebspheremqsqmjokersim_new	`e3448d737463b065`	Self-signed certificate (non-CA)	Submit a CSR to a trusted CA and replace this self-signed certificate.	`keytool -genkeypair -keystore "C:\Tools\certificate\p12\SQMJOKERSIM.p12" -alias "ibmwebspheremqsqmjokersim_new_new" -keyalg RSA -keysize 4096 -sigalg SHA256withRSA -dname "CN=sqmjokersim.pbgate.net, O=Credit Agricole SA, ST=Île-de-France, C=FR" -validity 365 keytool -certreq -keystore "C:\Tools\certificate\p12\SQMJOKERSIM.p12" -alias "ibmwebspheremqsqmjokersim_new_new" -file "sqmjokersim.pbgate.net.csr"`
P2 WARNING	ALGORITHM	sectigo_1	`1`	SHA1withRSA — deprecated, will be disabled	Plan migration to SHA256withRSA at next renewal.	`keytool -delete -keystore "C:\Tools\certificate\p12\SQMJOKERSIM.p12" -alias "sectigo_1" keytool -importcert -keystore "C:\Tools\certificate\p12\SQMJOKERSIM.p12" -alias "sectigo_1" -file "" -trustcacerts`
P3 INFO	CA_FLAG	ibmwebspheremqsqmjokersim_new	`e3448d737463b065`	CA flag is None — Basic Constraints extension absent	Verify certificate profile and add Basic Constraints if required.

🔗 Chaining alias (7 chain(s))

Certificate	Chain
ibmwebspheremqsqmjokersim	sectigo_3 ----> sectigo_2 ----> sectigo_1
ibmwebspheremqsqmjokersim	(self-signed)
sectigo_1	(root)
sectigo_2	sectigo_1
sectigo_3	sectigo_2 ----> sectigo_1
sg_unipass_root_ca_2016	(root)
sg_unipass_server_authentication_2016_ca	sg_unipass_root_ca_2016

📝 Chaining serial (7 chain(s))

Serial	Chain
1 (sectigo_1)	(root)
1 (sg_unipass_root_ca_2016)	(root)
137d539caa7c31a9a433701968847a8d	3972443af922b751d7d36c10dd313595 ----> 1 (sectigo_1)
3972443af922b751d7d36c10dd313595	1 (sectigo_1)
7 (sg_unipass_server_authentication_2016_ca)	1 (sg_unipass_root_ca_2016)
d73f3ea526d44c569d7ebf2e3cd94984	137d539caa7c31a9a433701968847a8d ----> 3972443af922b751d7d36c10dd313595 ----> 1 (sectigo_1)
d73f3ea526d44c569d7ebf2e3cd94984	(self-signed)

⚠️ Warnings (1)

⚠️ Warning: Certificate 1 Alias: sectigo_1 Detail: uses the SHA1withRSA signature algorithm, which is considered a security risk and will be disabled in a future update.

❌ Errors (2)

❌ Error: Certificate 6 Alias ibmwebspheremqsqmjokersim Serial d73f3ea526d44c569d7ebf2e3cd94984 expired 969 days, 18 hours, 20 minutes ago.
❌ Error: Certificate 7 Alias: ibmwebspheremqsqmjokersim_new Serial: e3448d737463b065 Detail: is self-signed.