Previous Topic: Sample Output “Signed by:” Field DefinitionNext Topic: FIELDS Parameter Considerations


Certificate Utility Parameters

The input parameters can be specified in the PARM field or SYSIN data set. When parameters conflict, the last parameter entered will be used (USER and RECORDID).

TITLE (cccccccccc)

Specifies a character string used as the title at the top of the report. If you do not specify this parameter, the title is 'SAFCRRPT - Certificate Utility'. If this string is longer than 35 characters, the report generator uses only the first 35 characters as the title.

Range: 1 to 35

LINECNT(60|nnnn)

Specifies the number of output lines to print on a page.

Maximum: The physical constraints of the output media used or 99,999 lines.

USER (userid|userid mask)

All certificates for the specified user(s) are displayed. When specified with the RINGNAME parameter, the user field cannot be masked.

Default: The caller's userid.

DETAIL|SUMMARY
DETAIL

Specifies that the label, serial number, subject's distinguished name, issuer's distinguished name, validity dates, public key, PKDS label (if one exists), private key size and type are displayed.

SUMMARY

Specifies that the record id of the displayed record, the record id of the signing certificate and the record ids of the certificates that this certificate signed are displayed.

Default: Summary.

DUMP

Adds a hexadecimal dump of the certificate to the display. Dump is ignored if DETAIL is not specified.

EXT

Adds a list of the extensions in the certificate to the display. EXT is ignored if DETAIL is not specified. If the utility cannot identify the name of the extension in the certificate, the OID of the extension is displayed.

Extension values are also displayed. If the format of the extension can be identified, a meaningful description of the settings within the extension is displayed. If the format of the extension cannot be identified, a hexadecimal dump of the extension contents along with a character representation will be displayed.

RINGNAME(ring name)

Displays certificates from a specific key ring. The utility uses the R_datalib callable service to retrieve the certificates from the key ring. When RINGNAME is specified, the USER parameter cannot be masked.

Note: The RINGNAME value is the same as the CA Top Secret LABLRING value of the up to 237-character label name of the keyring where the certificates reside.

RECORDID(record id mask)

Specifies the record id of the certificate(s) to be displayed. RECORDID cannot be used with the RINGNAME parameter.

TRUST|NOTRUST

Specifies that only certificates that have either TRUST or NOTRUST status are displayed.

ICSF

Specifies that only certificates that have the public or private key saved in ICSF are displayed.

PCICC

Specifies that only certificates that have the public or private key saved in saved in ICSF using the PCICC keyword are displayed.

EDAYS(expire days)

Specifies that only certificates that expire within the specified number of days are displayed.

Range: 1 to 365

RSA

Specifies that only certificates that use the RSA algorithm to create the public-private key pair are displayed.

DSA

Specifies that only certificates that use the DSA algorithm to create the public-private key pair are displayed.

FIELDS(subparameter1,subparameter2,...)

Limits the information returned by the report. The subparameters are as follows:

LABEL

Display certificate label.

SERIAL

Display serial #.

ISSUER

Display Issuer DN.

SUBJECT

Display Subject DN.

ACTIVE

Display Active Date.

EXPIRE

Display Expire Date.

KEYSIZE

Display key size.

PUBLIC

Display public key.

PKDS

Display PKDS label.

SIGNOF

Display the certificates that this certificate has signed.

SIGALG

Displays the signature algorithm used to create the signature.

TRUST

Displays an indication of whether the certificate is trusted or not.

CERTLEN

Displays the length of the certificate.

If the FIELDS parameter is specified and no subparameters are listed an error message is displayed. If SUMMARY is specified after the FIELDS parameter, the FIELDS parameter is ignored. If SUMMARY is specified before the FIELDS parameter, the SUMMARY parameter is ignored. If more than one FIELDS parameter is specified, only the last FIELDS parameter is acknowledged.