CERTNSER Keyword—Next Certificate Serial Number

Keywords › CERTNSER Keyword—Next Certificate Serial Number

CERTNSER Keyword—Next Certificate Serial Number

Valid on z/OS.

Use the CERTNSER keyword to specify the next serial number used by this certificate to sign another certificate. Do not modify this number manually because you can generate duplicate certificates which are unusable on z/OS systems.

This keyword has the following format:

TSS REPLACE(acid) DIGICERT(8-byte name) 
                  CERTNSER(nnnnnnnnnnnnnnnn)

nnnnnnnnnnnnnnnn

The hex value of the next serial number used by this certificate to sign another certificate. Every byte must be specified, including leading zeros.

Size: 16 bytes

This keyword is used with

The REPLACE command only
ACID(MAINTAIN) authority for ACIDs, MISC4(CERTSITE) for CERTSITE ACIDs, and MISC4(CERTAUTH) for CERTAUTH ACIDs
The ACID types User, DCA, VCA, ZCA, LSCA, and SCA

Example: CERTNSER keyword

To update a certificate's next serial counter to 09, specify the full 16-byte serial number, which will be used as the starting value for the next serial number. The next time this certificate (AUTHCA01) is used in signing another certificate, the serial number generated will start again at 09.

TSS REPLACE(CERTAUTH) DIGICERT(AUTHCA01)
                      CERTNSER(0000000000000009)