Valid on z/OS.
Use the SYMXCERT keyword to specify one or more labels of digital certificate which you may use to export the symmetric keys protected by this profile. Each certificate must exist in the ICSF key store.
This keyword has the following format:
TSS PER(acid) CSFKEYS(resource) SYMXCERT(label1,label2,…label12)
You can specify up to 12 certificate labels. Each label may be a maximum of 97 characters. An asterisk (*) indicates any certificate in the ICSF key store may be used.
The form of the certificate label is qualifier/label-name.
Specifies an optional qualifier in the certificate label string when multiple certificates have the same label. The qualifier is translated to uppercase characters. The meaning of the qualifier depends on where the certificate resides. When the certificate resides in a key ring, the qualifier is the TSS ACID name of the certificate owner. When the certificate resides in a PKCS #11 token, the qualifier is the value of the CKA_ID attribute of the certificate. The CKA_ID value may be up to 64 hexadecimal characters.
Specifies the certificate label assigned when the certificate was created. The forward slash (/) must be specified before the certificate label.
This keyword is used with the following:
This example allows you specify one or more certificate labels which may be used to export the symmetric key with the NJDEPT1 ACID:
TSS PER(NJDEPT1) CSFKEYS(resource) SYMXCERT(label1)
|
Copyright © 2014 CA Technologies.
All rights reserved.
|
|