{
  "source_file": "/home/joker/Tools/certificate/kdb/EQMJOKERPRD.kdb",
  "cacerts_mode": false,
  "hostname": "check-certificat",
  "generated_at": "2026-06-02T18:14:45.641113+00:00",
  "reference_date": "2026-06-02",
  "certificates": [
    {
      "type": "CERT",
      "label": "ibmwebspheremqeqmjokerprd",
      "subject": "CN=eqmjokerprd.pbgate.net,O=Credit Agricole SA,ST=Île-de-France,C=FR",
      "issuer": "CN=Sectigo RSA Organization Validation Secure Server CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB",
      "serial_number": "badfd44469f869025be0f9bfc603b556",
      "key_size": 2048,
      "key_algo": "RSA",
      "ca_flag": false,
      "signature_algorithm": "sha256WithRSA",
      "key_usage": [
        "DigitalSignature",
        "KeyEncipherment"
      ],
      "extended_key_usage": [
        "serverAuth",
        "clientAuth"
      ],
      "subject_alternative_name": {
        "dns": [
          "eqmjokerprd.pbgate.net"
        ],
        "ip": [],
        "email": [],
        "uri": []
      },
      "basic_constraints": {
        "present": true,
        "ca": false
      },
      "matched": true
    },
    {
      "type": "CERT",
      "label": "ibmwebspheremqeqmjokerprd_2023_1",
      "subject": "CN=eqmjokerprd.pbgate.net,O=Credit Agricole SA,ST=Île-de-France,C=FR",
      "issuer": "CN=Sectigo RSA Organization Validation Secure Server CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB",
      "serial_number": "f78f768b06d832faa95c1d80d9d6f980",
      "key_size": 2048,
      "key_algo": "RSA",
      "ca_flag": false,
      "signature_algorithm": "sha256WithRSA",
      "key_usage": [
        "DigitalSignature",
        "KeyEncipherment"
      ],
      "extended_key_usage": [
        "serverAuth",
        "clientAuth"
      ],
      "subject_alternative_name": {
        "dns": [
          "eqmjokerprd.pbgate.net"
        ],
        "ip": [],
        "email": [],
        "uri": []
      },
      "basic_constraints": {
        "present": true,
        "ca": false
      },
      "matched": true
    },
    {
      "type": "CERT",
      "label": "sectigo_1",
      "subject": "CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB",
      "issuer": "CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB",
      "serial_number": "1",
      "key_size": 2048,
      "key_algo": "RSA",
      "ca_flag": true,
      "signature_algorithm": "sha1WithRSA",
      "key_usage": [
        "KeyCertSign",
        "CrlSign"
      ],
      "extended_key_usage": [],
      "subject_alternative_name": {
        "dns": [],
        "ip": [],
        "email": [],
        "uri": []
      },
      "basic_constraints": {
        "present": true,
        "ca": true
      },
      "matched": true
    },
    {
      "type": "CERT",
      "label": "sectigo_2",
      "subject": "CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US",
      "issuer": "CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB",
      "serial_number": "3972443af922b751d7d36c10dd313595",
      "key_size": 4096,
      "key_algo": "RSA",
      "ca_flag": true,
      "signature_algorithm": "sha384WithRSA",
      "key_usage": [
        "DigitalSignature",
        "KeyCertSign",
        "CrlSign"
      ],
      "extended_key_usage": [],
      "subject_alternative_name": {
        "dns": [],
        "ip": [],
        "email": [],
        "uri": []
      },
      "basic_constraints": {
        "present": true,
        "ca": true
      },
      "matched": true
    },
    {
      "type": "CERT",
      "label": "sectigo_3",
      "subject": "CN=Sectigo RSA Organization Validation Secure Server CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB",
      "issuer": "CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US",
      "serial_number": "137d539caa7c31a9a433701968847a8d",
      "key_size": 2048,
      "key_algo": "RSA",
      "ca_flag": true,
      "signature_algorithm": "sha384WithRSA",
      "key_usage": [
        "DigitalSignature",
        "KeyCertSign",
        "CrlSign"
      ],
      "extended_key_usage": [
        "serverAuth",
        "clientAuth"
      ],
      "subject_alternative_name": {
        "dns": [],
        "ip": [],
        "email": [],
        "uri": []
      },
      "basic_constraints": {
        "present": true,
        "ca": true,
        "path_length": 0
      },
      "matched": true
    },
    {
      "type": "CERT",
      "label": "sg_unipass_root_ca_2016",
      "subject": "CN=SG UniPass Root CA 2016,O=GROUPE SOCIETE GENERALE",
      "issuer": "CN=SG UniPass Root CA 2016,O=GROUPE SOCIETE GENERALE",
      "serial_number": "1",
      "key_size": 4096,
      "key_algo": "RSA",
      "ca_flag": true,
      "signature_algorithm": "sha256WithRSA",
      "key_usage": [
        "KeyCertSign",
        "CrlSign"
      ],
      "extended_key_usage": [],
      "subject_alternative_name": {
        "dns": [],
        "ip": [],
        "email": [],
        "uri": []
      },
      "basic_constraints": {
        "present": true,
        "ca": true
      },
      "matched": true
    },
    {
      "type": "CERT",
      "label": "sg_unipass_server_authentication_2016_ca",
      "subject": "CN=SG UniPass Server Authentication 2016 CA,O=GROUPE SOCIETE GENERALE",
      "issuer": "CN=SG UniPass Root CA 2016,O=GROUPE SOCIETE GENERALE",
      "serial_number": "7",
      "key_size": 4096,
      "key_algo": "RSA",
      "ca_flag": true,
      "signature_algorithm": "sha256WithRSA",
      "key_usage": [
        "KeyCertSign",
        "CrlSign"
      ],
      "extended_key_usage": [],
      "subject_alternative_name": {
        "dns": [],
        "ip": [],
        "email": [],
        "uri": []
      },
      "basic_constraints": {
        "present": true,
        "ca": true,
        "path_length": 0
      },
      "matched": true
    }
  ],
  "chain_alias": [
    {
      "chain": [
        "ibmwebspheremqeqmjokerprd",
        "sectigo_3",
        "sectigo_2",
        "sectigo_1"
      ],
      "tag": ""
    },
    {
      "chain": [
        "sectigo_1"
      ],
      "tag": "(root)"
    },
    {
      "chain": [
        "sectigo_2",
        "sectigo_1"
      ],
      "tag": ""
    },
    {
      "chain": [
        "sectigo_3",
        "sectigo_2",
        "sectigo_1"
      ],
      "tag": ""
    },
    {
      "chain": [
        "sg_unipass_root_ca_2016"
      ],
      "tag": "(root)"
    },
    {
      "chain": [
        "sg_unipass_server_authentication_2016_ca",
        "sg_unipass_root_ca_2016"
      ],
      "tag": ""
    }
  ],
  "chain_serial": [
    {
      "chain": [
        "1 (sectigo_1)"
      ],
      "tag": "(root)"
    },
    {
      "chain": [
        "1 (sg_unipass_root_ca_2016)"
      ],
      "tag": "(root)"
    },
    {
      "chain": [
        "137d539caa7c31a9a433701968847a8d",
        "3972443af922b751d7d36c10dd313595",
        "1 (sectigo_1)"
      ],
      "tag": ""
    },
    {
      "chain": [
        "3972443af922b751d7d36c10dd313595",
        "1 (sectigo_1)"
      ],
      "tag": ""
    },
    {
      "chain": [
        "7 (sg_unipass_server_authentication_2016_ca)",
        "1 (sg_unipass_root_ca_2016)"
      ],
      "tag": ""
    },
    {
      "chain": [
        "badfd44469f869025be0f9bfc603b556",
        "137d539caa7c31a9a433701968847a8d",
        "3972443af922b751d7d36c10dd313595",
        "1 (sectigo_1)"
      ],
      "tag": ""
    }
  ],
  "warnings": [
    "⚠️ Warning: Certificate 3 Alias: sectigo_1 Detail: uses the SHA1withRSA signature algorithm, which is considered a security risk and will be disabled in a future update."
  ],
  "errors": [
    "❌ Error: Certificate 1 Alias ibmwebspheremqeqmjokerprd Serial badfd44469f869025be0f9bfc603b556 expired 1214 days, 18 hours, 14 minutes ago.",
    "❌ Error: Certificate 2 Alias ibmwebspheremqeqmjokerprd_2023_1 Serial f78f768b06d832faa95c1d80d9d6f980 expired 845 days, 18 hours, 14 minutes ago."
  ],
  "action_items": [
    {
      "priority": 1,
      "severity": "CRITICAL",
      "category": "EXPIRY",
      "alias": "ibmwebspheremqeqmjokerprd",
      "serial": "badfd44469f869025be0f9bfc603b556",
      "message": "\u001b[1;31m❌ Error: Certificate 1 Alias ibmwebspheremqeqmjokerprd Serial badfd44469f869025be0f9bfc603b556 expired 1214 days, 18 hours, 14 minutes ago.\u001b[0m",
      "action": "Renew the certificate immediately.",
      "deadline": null,
      "cmd": "runmqakm -certreq -create -db \"/home/joker/Tools/certificate/kdb/EQMJOKERPRD.kdb\" -stashed -label \"ibmwebspheremqeqmjokerprd_new\" -dn \"cn=eqmjokerprd.pbgate.net,o=Credit Agricole SA,st=Île-de-France,c=FR\" -size 4096 -sig_alg SHA256WithRSA -file \"/home/joker/Tools/certificate/kdb/EQMJOKERPRD_eqmjokerprd.pbgate.net.csr\""
    },
    {
      "priority": 1,
      "severity": "CRITICAL",
      "category": "EXPIRY",
      "alias": "ibmwebspheremqeqmjokerprd_2023_1",
      "serial": "f78f768b06d832faa95c1d80d9d6f980",
      "message": "\u001b[1;31m❌ Error: Certificate 2 Alias ibmwebspheremqeqmjokerprd_2023_1 Serial f78f768b06d832faa95c1d80d9d6f980 expired 845 days, 18 hours, 14 minutes ago.\u001b[0m",
      "action": "Renew the certificate immediately.",
      "deadline": null,
      "cmd": "runmqakm -certreq -create -db \"/home/joker/Tools/certificate/kdb/EQMJOKERPRD.kdb\" -stashed -label \"ibmwebspheremqeqmjokerprd_2023_1_new\" -dn \"cn=eqmjokerprd.pbgate.net,o=Credit Agricole SA,st=Île-de-France,c=FR\" -size 4096 -sig_alg SHA256WithRSA -file \"/home/joker/Tools/certificate/kdb/EQMJOKERPRD_eqmjokerprd.pbgate.net.csr\""
    },
    {
      "priority": 2,
      "severity": "WARNING",
      "category": "ALGORITHM",
      "alias": "sectigo_1",
      "serial": "1",
      "message": "SHA1withRSA — deprecated, will be disabled",
      "action": "Plan migration to SHA256withRSA at next renewal.",
      "deadline": null,
      "cmd": "runmqakm -cert -delete -db \"/home/joker/Tools/certificate/kdb/EQMJOKERPRD.kdb\" -stashed -label \"sectigo_1\"\n        runmqakm -cert -add -db \"/home/joker/Tools/certificate/kdb/EQMJOKERPRD.kdb\" -stashed -label \"sectigo_1\" -file \"<new_sectigo_1.crt>\" -format ascii -trust enable"
    }
  ]
}