You can add digital certificates issued by a certificate authority to one user to another user's key ring. This allows the administrator to further define the access that a user has to certain resources. Before a digital certificate can be added to a key ring, it must have been added to the owner's ACID record through the TSS ADD DIGICERT command.
To add a keyring to a user, enter the command:
TSS ADD(acid) KEYRING(ring name)
LABLRING(name)
To add a certificate to a key ring, enter the command:
TSS ADD(acid) KEYRING(ring name)
[LABLRING(name)]
[RINGDATA(acid,digicert)]
[RINGDATA(CERTAUTH,digicert)]
[RINGDATA(CERTSITE,digicert)]
[DEFAULT]
[USAGE(PERSONAL|CERTAUTH|CERTSITE)]
The ring name is unique within the user, the name you specify identifies the key ring for a user.
Range: Up to 8 characters
Provides the ability add a label name to the key ring; can be used as a key to locate a certificate key ring. If not specified, the KEYRING name is automatically added to the LABLRING.
Range: Up to 237 characters
Specifies the ACID and certificate label name (as specified by DIGICERT) of the certificate being added to the user.
(Optional) Specifies that the certificate is the default certificate for the key ring.Only one certificate within the key ring can be the default. If a default already exists, its DEFAULT status is removed, and the specified certificate becomes the default certificate.
Specifies how this certificate is used with the specified key ring. The default usage is the same as the certificate being connected.
Demotes a certificate to ensure that it is not used as a certificate authority in this key ring.
Promotes an ordinary user certificate to that of a certificate authority within this key ring.
Promotes an ordinary user certificate to that of a site certificate.
|
Copyright © 2014 CA Technologies.
All rights reserved.
|
|