If you need to check all certificates expiration, you may check also the ones which are used to establish IPSec tunnels. By default they are generated for 5 years ... if some of your Security Gateways have to be in place approx this time, you should pay attention to that expiration : if expired, you will not be able to establish VPN IPSec tunnel.

I use the following command on the Security Management Server:

cpca_client lscert -kind IKE -stat Valid > /var/ValidIKECert_`/bin/date +%Y-%m-%d_%H%M`.txt

More details on cpca_client lscert command (from Command Line Interface Reference Guide of R77😞
Description Show all certificates issued by the ICA.
Syntax

> cpca_client [-d] lscert [-dn <substring>] [-stat {Pending|Valid|Revoked|Expired|Renewed}]

[-kind SIC|IKE|User|LDAP] [-ser <ser>] [-dp <dp>]

Parameter Description
-d Runs the command in debug mode
-dn substring Filters results to those with a DN that matches this <substring>
-stat Filters results to the specified certificate status: Pending, Valid, Revoke, Expire, or Renewed
-kind Filters results for specified kind: SIC, IKE, User, or LDAP
-ser <serial> Filters results for this serial number
-dp <dp> Filters results from this CDP (certificate distribution point)

The content of the file generated should be something like:

which could be transform to:

... in order to be imported in any spreadsheet software.

Thank you all for your feedback. I will go through your comments.

If we have the certificate from the internal Certificate authority for For the administrative access (via ssh, WEB-UI) on the security components, hope the same can be pushed to use laptop using Group Policy.

My organization is asking for the certificate for administrative access (via ssh, WEB-UI) on the security components.