Authorized applications, such as HTTP, TN3270, CICS, or LDAP servers, invoke the R_Datalib callable service (IRRSDL00) to retrieve certificates and private keys from a key ring, and to manage serial numbers for certain certificates.
CA Top Secret supports the R_Datalib functions through its Keyring support. Authorize access to the IRRSDL00 functions by administering permissions in the CA Top Secret facility resource class (IBMFAC) for IRR.DIGTCERT.function, where function can be LISTRING, LIST, or GENCERT.
Example: extract a certificate from a key ring
This example extracts a user certificate from a key ring. You require access to the IBMFAC function LISTRING:
TSS ADD(dept) IBMFAC(IRR.DIGTCERT)
TSS PER(acid) IBMFAC(IRR.DIGTCERT.LISTRING) ACCESS(UPDATE)
TSS PER(acid) IBMFAC(IRR.DIGTCERT.LIST) ACCESS(UPDATE)
TSS PER(acid) IBMFAC(IRR.DIGTCERT.GENCERT) ACCESS(UPDATE,CONTROL)
Note: If the certificate user ID is the same as the user ID issuing the R_Datalib call, the required authority is ACCESS(READ). If the user ID is not the same, the required authority is ACCESS(UPDATE) or ACCESS(CONTROL).
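The note above implies a least-privilege check: an ACID that only reads its own certificates needs no more than ACCESS(READ). The following Python sketch is an added example, not CA Top Secret code; it parses permit commands in the form shown on this page and flags grants above that level. The ACIDs WEBSRV and CERTADM, the sample commands, and the reviewer-supplied ownership map are constructed assumptions.

```python
import re

# Ordering of the access levels named on this page, lowest to highest.
LEVELS = {"READ": 1, "UPDATE": 2, "CONTROL": 3}

# Matches the permit form shown on this page; \s+ also tolerates ACCESS(...)
# wrapped onto a continuation line.
PERMIT_RE = re.compile(
    r"TSS\s+PER(?:MIT)?\((?P<acid>[^)]+)\)\s+"
    r"IBMFAC\(IRR\.DIGTCERT\.(?P<func>[A-Z]+)\)\s+"
    r"ACCESS\((?P<access>[^)]+)\)",
    re.IGNORECASE,
)

def parse_permits(text):
    """Yield (acid, function, highest granted level) for each R_Datalib permit."""
    for m in PERMIT_RE.finditer(text):
        granted = [a.strip().upper() for a in m["access"].split(",")]
        known = [a for a in granted if a in LEVELS]
        if known:
            yield m["acid"].upper(), m["func"].upper(), max(known, key=LEVELS.get)

def max_justified_level(accesses_other_users):
    """Per the note: READ for own certificates, UPDATE or CONTROL otherwise."""
    return "CONTROL" if accesses_other_users else "READ"

def over_privileged(text, accesses_other_users):
    """Return (acid, function, granted, justified) for grants above the note's level.

    accesses_other_users maps ACID -> bool (an assumption supplied by the
    reviewer); ACIDs missing from it are treated as own-certificate-only.
    """
    findings = []
    for acid, func, level in parse_permits(text):
        limit = max_justified_level(accesses_other_users.get(acid, False))
        if LEVELS[level] > LEVELS[limit]:
            findings.append((acid, func, level, limit))
    return findings

# Constructed sample input with hypothetical ACIDs.
SAMPLE = """
TSS PER(WEBSRV) IBMFAC(IRR.DIGTCERT.LISTRING) ACCESS(UPDATE)
TSS PER(WEBSRV) IBMFAC(IRR.DIGTCERT.LIST) ACCESS(READ)
TSS PER(CERTADM) IBMFAC(IRR.DIGTCERT.GENCERT) ACCESS(UPDATE,CONTROL)
"""

if __name__ == "__main__":
    for finding in over_privileged(SAMPLE, {"WEBSRV": False, "CERTADM": True}):
        print("%s: %s granted %s, note justifies %s" % finding)
```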
Copyright © 2014 CA Technologies.
All rights reserved.