{ "source_file": "C:\\Tools\\certificate\\p12\\SQMJOKERSIM.p12", "cacerts_mode": false, "hostname": "check-certificat", "generated_at": "2026-06-02T18:21:38.601191+00:00", "reference_date": "2026-06-02", "certificates": [ { "type": "CERT", "label": "sectigo_1", "subject": "CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB", "issuer": "CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB", "serial_number": "1", "key_size": 2048, "key_algo": "RSA", "ca_flag": true, "signature_algorithm": "sha1WithRSA", "key_usage": [ "KeyCertSign", "CrlSign" ], "extended_key_usage": [], "subject_alternative_name": { "dns": [], "ip": [], "email": [], "uri": [] }, "basic_constraints": { "present": true, "ca": true }, "matched": true }, { "type": "CERT", "label": "sectigo_2", "subject": "CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US", "issuer": "CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB", "serial_number": "3972443af922b751d7d36c10dd313595", "key_size": 4096, "key_algo": "RSA", "ca_flag": true, "signature_algorithm": "sha384WithRSA", "key_usage": [ "DigitalSignature", "KeyCertSign", "CrlSign" ], "extended_key_usage": [], "subject_alternative_name": { "dns": [], "ip": [], "email": [], "uri": [] }, "basic_constraints": { "present": true, "ca": true }, "matched": true }, { "type": "CERT", "label": "sectigo_3", "subject": "CN=Sectigo RSA Organization Validation Secure Server CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB", "issuer": "CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US", "serial_number": "137d539caa7c31a9a433701968847a8d", "key_size": 2048, "key_algo": "RSA", "ca_flag": true, "signature_algorithm": "sha384WithRSA", "key_usage": [ "DigitalSignature", "KeyCertSign", "CrlSign" ], "extended_key_usage": [ "serverAuth", "clientAuth" ], "subject_alternative_name": { "dns": [], "ip": [], "email": [], "uri": [] }, "basic_constraints": { "present": true, "ca": true, "path_length": 0 }, "matched": true }, { "type": "CERT", "label": "sg_unipass_root_ca_2016", "subject": "CN=SG UniPass Root CA 2016,O=GROUPE SOCIETE GENERALE", "issuer": "CN=SG UniPass Root CA 2016,O=GROUPE SOCIETE GENERALE", "serial_number": "1", "key_size": 4096, "key_algo": "RSA", "ca_flag": true, "signature_algorithm": "sha256WithRSA", "key_usage": [ "KeyCertSign", "CrlSign" ], "extended_key_usage": [], "subject_alternative_name": { "dns": [], "ip": [], "email": [], "uri": [] }, "basic_constraints": { "present": true, "ca": true }, "matched": true }, { "type": "CERT", "label": "sg_unipass_server_authentication_2016_ca", "subject": "CN=SG UniPass Server Authentication 2016 CA,O=GROUPE SOCIETE GENERALE", "issuer": "CN=SG UniPass Root CA 2016,O=GROUPE SOCIETE GENERALE", "serial_number": "7", "key_size": 4096, "key_algo": "RSA", "ca_flag": true, "signature_algorithm": "sha256WithRSA", "key_usage": [ "KeyCertSign", "CrlSign" ], "extended_key_usage": [], "subject_alternative_name": { "dns": [], "ip": [], "email": [], "uri": [] }, "basic_constraints": { "present": true, "ca": true, "path_length": 0 }, "matched": true }, { "type": "CERT", "label": "ibmwebspheremqsqmjokersim", "subject": "CN=sqmjokersim.pbgate.net,O=Credit Agricole SA,ST=Île-de-France,C=FR", "issuer": "CN=Sectigo RSA Organization Validation Secure Server CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB", "serial_number": "d73f3ea526d44c569d7ebf2e3cd94984", "key_size": 2048, "key_algo": "RSA", "ca_flag": false, "signature_algorithm": "sha256WithRSA", "key_usage": [ "DigitalSignature", "KeyEncipherment" ], "extended_key_usage": [ "serverAuth", "clientAuth" ], "subject_alternative_name": { "dns": [ "sqmjokersim.pbgate.net" ], "ip": [], "email": [], "uri": [] }, "basic_constraints": { "present": true, "ca": false }, "matched": true }, { "type": "CERT", "label": "ibmwebspheremqsqmjokersim_new", "subject": "CN=sqmjokersim.pbgate.net,O=Credit Agricole SA,ST=Île-de-France,C=FR", "issuer": "CN=sqmjokersim.pbgate.net,O=Credit Agricole SA,ST=Île-de-France,C=FR", "serial_number": "e3448d737463b065", "key_size": 2048, "key_algo": "RSA", "ca_flag": null, "signature_algorithm": "sha256WithRSA", "key_usage": [], "extended_key_usage": [], "subject_alternative_name": { "dns": [], "ip": [], "email": [], "uri": [] }, "basic_constraints": { "present": false, "ca": null }, "matched": true } ], "chain_alias": [ { "chain": [ "ibmwebspheremqsqmjokersim", "sectigo_3", "sectigo_2", "sectigo_1" ], "tag": "" }, { "chain": [ "ibmwebspheremqsqmjokersim" ], "tag": "(self-signed)" }, { "chain": [ "sectigo_1" ], "tag": "(root)" }, { "chain": [ "sectigo_2", "sectigo_1" ], "tag": "" }, { "chain": [ "sectigo_3", "sectigo_2", "sectigo_1" ], "tag": "" }, { "chain": [ "sg_unipass_root_ca_2016" ], "tag": "(root)" }, { "chain": [ "sg_unipass_server_authentication_2016_ca", "sg_unipass_root_ca_2016" ], "tag": "" } ], "chain_serial": [ { "chain": [ "1 (sectigo_1)" ], "tag": "(root)" }, { "chain": [ "1 (sg_unipass_root_ca_2016)" ], "tag": "(root)" }, { "chain": [ "137d539caa7c31a9a433701968847a8d", "3972443af922b751d7d36c10dd313595", "1 (sectigo_1)" ], "tag": "" }, { "chain": [ "3972443af922b751d7d36c10dd313595", "1 (sectigo_1)" ], "tag": "" }, { "chain": [ "7 (sg_unipass_server_authentication_2016_ca)", "1 (sg_unipass_root_ca_2016)" ], "tag": "" }, { "chain": [ "d73f3ea526d44c569d7ebf2e3cd94984", "137d539caa7c31a9a433701968847a8d", "3972443af922b751d7d36c10dd313595", "1 (sectigo_1)" ], "tag": "" }, { "chain": [ "d73f3ea526d44c569d7ebf2e3cd94984" ], "tag": "(self-signed)" } ], "warnings": [ "⚠️ Warning: Certificate 1 Alias: sectigo_1 Detail: uses the SHA1withRSA signature algorithm, which is considered a security risk and will be disabled in a future update." ], "errors": [ "❌ Error: Certificate 6 Alias ibmwebspheremqsqmjokersim Serial d73f3ea526d44c569d7ebf2e3cd94984 expired 969 days, 18 hours, 21 minutes ago.", "❌ Error: Certificate 7 Alias: ibmwebspheremqsqmjokersim_new Serial: e3448d737463b065 Detail: is self-signed." ], "action_items": [ { "priority": 2, "severity": "WARNING", "category": "ALGORITHM", "alias": "sectigo_1", "serial": "1", "message": "SHA1withRSA — deprecated, will be disabled", "action": "Plan migration to SHA256withRSA at next renewal.", "deadline": null, "cmd": "keytool -delete -keystore \"C:\\Tools\\certificate\\p12\\SQMJOKERSIM.p12\" -alias \"sectigo_1\"\n keytool -importcert -keystore \"C:\\Tools\\certificate\\p12\\SQMJOKERSIM.p12\" -alias \"sectigo_1\" -file \"\" -trustcacerts" }, { "priority": 1, "severity": "CRITICAL", "category": "EXPIRY", "alias": "ibmwebspheremqsqmjokersim", "serial": "d73f3ea526d44c569d7ebf2e3cd94984", "message": "\u001b[1;31m❌ Error: Certificate 6 Alias ibmwebspheremqsqmjokersim Serial d73f3ea526d44c569d7ebf2e3cd94984 expired 969 days, 18 hours, 21 minutes ago.\u001b[0m", "action": "Renew the certificate immediately.", "deadline": null, "cmd": "keytool -genkeypair -keystore \"C:\\Tools\\certificate\\p12\\SQMJOKERSIM.p12\" -alias \"ibmwebspheremqsqmjokersim_new\" -keyalg RSA -keysize 4096 -sigalg SHA256withRSA -dname \"CN=sqmjokersim.pbgate.net, O=Credit Agricole SA, ST=Île-de-France, C=FR\" -validity 365\n keytool -certreq -keystore \"C:\\Tools\\certificate\\p12\\SQMJOKERSIM.p12\" -alias \"ibmwebspheremqsqmjokersim_new\" -file \"sqmjokersim.pbgate.net.csr\"" }, { "priority": 1, "severity": "CRITICAL", "category": "SELF_SIGNED", "alias": "ibmwebspheremqsqmjokersim_new", "serial": "e3448d737463b065", "message": "Self-signed certificate (non-CA)", "action": "Submit a CSR to a trusted CA and replace this self-signed certificate.", "deadline": null, "cmd": "keytool -genkeypair -keystore \"C:\\Tools\\certificate\\p12\\SQMJOKERSIM.p12\" -alias \"ibmwebspheremqsqmjokersim_new_new\" -keyalg RSA -keysize 4096 -sigalg SHA256withRSA -dname \"CN=sqmjokersim.pbgate.net, O=Credit Agricole SA, ST=Île-de-France, C=FR\" -validity 365\n keytool -certreq -keystore \"C:\\Tools\\certificate\\p12\\SQMJOKERSIM.p12\" -alias \"ibmwebspheremqsqmjokersim_new_new\" -file \"sqmjokersim.pbgate.net.csr\"" }, { "priority": 3, "severity": "INFO", "category": "CA_FLAG", "alias": "ibmwebspheremqsqmjokersim_new", "serial": "e3448d737463b065", "message": "CA flag is None — Basic Constraints extension absent", "action": "Verify certificate profile and add Basic Constraints if required.", "deadline": null, "cmd": "" } ] }