Valid on z/OS.
Use the BIND keyword with the P11TOKEN function to bind a digital certificate to a z/OS PKCS#11 token. When a certificate is bound to a token, CA Top Secret creates a certificate, public key and private key (if the certificate has one and the BIND usage is personal).
The following key types are not supported:
The command has the following format:
TSS P11TOKEN BIND
LABLCTKN(token name)
TOKNDATA(userid,digicert)|LABLCERT(certificate label)|
TOKNUSER(userid)
[USAGE(PERSONAL|CERTSITE|CERTAUTH)]
[DEFAULT]
LABLCTKN
Specifies the name of the token. The token must already exist.
TOKNDATA
Userid specifies the ACID for the digital certificate. Digicert identifies the digital certificate. LABLCERT and TOKNDATA are mutually exclusive.
LABLCERT
Specifies the digital certificate label name of the certificate to bind. The userid for the certificate may be specified with the TOKNUSER keyword. If TOKNUSER is not specified, the userid of the administrator who issued the command is used. LABLCERT and TOKNDATA are mutually exclusive.
TOKNUSER
Specifies the userid for the digital certificate.
USAGE
Specifies how this certificate is used within the token. If usage is not specified, it defaults to the usage value of the certificate being bound.
DEFAULT
Specifies that the certificate is the default certificate for the token. Only one certificate may be the default. If a default certificate already exists, its default status is removed.
The administrator must have:
Controlled by ICSF using resources in the CRYPTOZ and IBMFAC resource classes.
To bind a certificate to a PKCS#11 token for USAGE PERSONAL, the authority required is:
To bind a certificate to a PKCS#11 token for USAGE CERTSITE or CERTAUTH, the authority required is:
This example binds the certificate CERT001 to the token TOKEN#1:
TSS P11TOKEN BIND LABLCTKN(token#1) TOKNDATA(user01,cert0001)
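The keyword rules described above can be checked before a BIND command is placed in a batch job or script. The following is an added example, not CA code: lint_bind is a hypothetical helper that checks only the rules stated on this page and never contacts CA Top Secret. It assumes, from the format line, that exactly one of TOKNDATA or LABLCERT must be given.

```python
import re

# Keywords and USAGE values as listed in the command format on this page.
KEYWORDS = {"LABLCTKN", "TOKNDATA", "LABLCERT", "TOKNUSER", "USAGE", "DEFAULT"}
USAGES = {"PERSONAL", "CERTSITE", "CERTAUTH"}
PREFIX = "TSS P11TOKEN BIND"
# Matches KEYWORD(value) or a bare keyword such as DEFAULT.
TOKEN = re.compile(r"([A-Za-z0-9]+)(?:\(([^()]*)\))?")


def lint_bind(command):
    """Return a list of problems found in a TSS P11TOKEN BIND command string."""
    text = " ".join(command.split())
    if not text.upper().startswith(PREFIX):
        return ["not a TSS P11TOKEN BIND command"]
    rest = text[len(PREFIX):]
    problems, seen = [], {}
    for name, value in TOKEN.findall(rest):
        name = name.upper()
        if name not in KEYWORDS:
            problems.append(f"unknown keyword {name}")
        elif name in seen:
            problems.append(f"duplicate keyword {name}")
        seen[name] = value
    # Anything the pattern could not consume is usually an unbalanced parenthesis.
    if TOKEN.sub("", rest).strip():
        problems.append("unparsed text (check parentheses)")
    if not seen.get("LABLCTKN"):
        problems.append("LABLCTKN(token name) is required")
    # Assumption from the format line: exactly one of the two must be present.
    if ("TOKNDATA" in seen) == ("LABLCERT" in seen):
        problems.append("specify exactly one of TOKNDATA or LABLCERT")
    if "TOKNDATA" in seen:
        parts = [p for p in seen["TOKNDATA"].split(",") if p.strip()]
        if len(parts) != 2:
            problems.append("TOKNDATA needs userid,digicert")
    if "USAGE" in seen and seen["USAGE"].upper() not in USAGES:
        problems.append("USAGE must be PERSONAL, CERTSITE or CERTAUTH")
    return problems


if __name__ == "__main__":
    # Constructed sample commands; token, userid and label names are made up.
    for cmd in (
        "TSS P11TOKEN BIND LABLCTKN(token#1) LABLCERT(MyCert) TOKNUSER(user01) DEFAULT",
        "TSS P11TOKEN BIND LABLCTKN(token#1) TOKNDATA(user01,cert0001) LABLCERT(MyCert)",
        "TSS P11TOKEN BIND LABLCTKN(token#1) LABLCERT(MyCert) USAGE(PERSONAL",
    ):
        print(cmd, "->", lint_bind(cmd) or "ok")
```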
Copyright © 2014 CA Technologies.
All rights reserved.