Valid on z/OS.
Use the ROLLOVER command function to specify the original certificate superseded by the new certificate. The ROLLOVER command is the final step in the process to create a new certificate from an existing certificate with a new public/private key pair.
The ROLLOVER command function performs the following activities:
When the rollover is complete, the new certificate is used as if it were the original certificate. The original certificate is still available to verify signatures and decrypt data but can no longer be used to sign or encrypt.
Administrators must have:
If you do not have administrative authority, you can issue the ROLLOVER command if you have the following authorities in the CASECAUT resource class:
This command function has the following format:
TSS ROLLOVER({acid|CERTAUTH|CERTSITE})
DIGICERT(old_certificate_id)
NEWDIGIC(new_certificate_id)
[FORCE]
acid
Designates the user ACID associated with the certificate.
CERTAUTH
Designates the certificate as a certificate-authority certificate.
CERTSITE
Designates the certificate as a site certificate.
DIGICERT
(Mandatory with ROLLOVER keyword) Specifies a case-sensitive character ID (original certificate) that identifies the certificate with the user ACID.
Range: 1 to 8 characters
NEWDIGIC
(Mandatory with ROLLOVER keyword) Specifies a case-sensitive character ID that identifies the new certificate.
Range: 1 to 8 characters
FORCE
Performs the rollover unconditionally (without conducting any security checks).
Important! If DIGICERT and NEWDIGIC have the same value, and you have also specified the FORCE keyword, the product deletes the private key of the certificate.
Example: Replace the TEN Certificate with the NINE Certificate
This example completes the re-keying of the TEN certificate by replacing the TEN certificate with the NINE certificate:
TSS ROLLOVER(CERTSITE) DIGICERT(NINE)
NEWDIGIC(TEN)
FORCE
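A pre-issue check for ROLLOVER commands held in change scripts, applying the operand rules and the FORCE warning described above. This is an added example, not CA code: the function names parse_rollover and lint_rollover are hypothetical, and ignoring keyword case is an assumption.

```python
import re

# Keyword case is ignored here (an assumption); certificate IDs are kept as typed.
_TARGET = re.compile(r"\bTSS\s+ROLLOVER\s*\(\s*([^()\s]+)\s*\)", re.I)
_OPERAND = r"\b{kw}\s*\(([^()]*)\)"


def parse_rollover(text):
    """Parse one TSS ROLLOVER command (it may span lines) into its operands."""
    flat = " ".join(text.split())
    target = _TARGET.search(flat)
    if not target:
        raise ValueError("not a TSS ROLLOVER command")
    cmd = {"target": target.group(1)}
    for kw in ("DIGICERT", "NEWDIGIC"):
        m = re.search(_OPERAND.format(kw=kw), flat, re.I)
        cmd[kw] = m.group(1).strip() if m else None
    # Drop parenthesised operands so an ID spelled FORCE is not read as the keyword.
    rest = re.sub(r"\([^()]*\)", " ", flat)
    cmd["FORCE"] = re.search(r"\bFORCE\b", rest, re.I) is not None
    return cmd


def lint_rollover(text):
    """Return a list of findings for the command; an empty list means no issue."""
    cmd = parse_rollover(text)
    findings = []
    for kw in ("DIGICERT", "NEWDIGIC"):
        value = cmd[kw]
        if value is None:
            findings.append(f"{kw} is mandatory with ROLLOVER")
        elif not 1 <= len(value) <= 8:
            findings.append(f"{kw}({value}) is outside the 1 to 8 character range")
    # IDs are case-sensitive, so only an exact match counts as the same certificate.
    same = cmd["DIGICERT"] is not None and cmd["DIGICERT"] == cmd["NEWDIGIC"]
    if cmd["FORCE"] and same:
        findings.append("BLOCK: FORCE with identical DIGICERT and NEWDIGIC deletes the private key")
    elif cmd["FORCE"]:
        findings.append("REVIEW: FORCE performs the rollover without security checks")
    return findings


# The example command from this page, kept on three lines as shown there.
PAGE_EXAMPLE = "TSS ROLLOVER(CERTSITE) DIGICERT(NINE)\nNEWDIGIC(TEN)\nFORCE"
# Constructed mistake: the same ID in both operands together with FORCE.
SAME_ID = "TSS ROLLOVER(CERTSITE) DIGICERT(TEN) NEWDIGIC(TEN) FORCE"

if __name__ == "__main__":
    for sample in (PAGE_EXAMPLE, SAME_ID):
        print(lint_rollover(sample))
```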
Copyright © 2014 CA Technologies.
All rights reserved.