Valid on z/OS, z/VSE, and z/VM.
Use the GENCERT command function to generate a digital certificate and insert a CERTDATA profile record into the CA Top Secret info‑storage database.
Specify a DIGICERT name as part of all GENCERT functions since the DIGICERT keyword indicates the name used in the digital certificate.
Administrators must have:
This command function has the following format:
TSS GENCERT [{CERTAUTH|CERTSITE|acid}]
DIGICERT(8‑byte‑name)
{DCDSN(request‑data‑set‑name)\}
{SUBJECTN ('CN="common‑name"
T="title"
OU="org‑unit‑name1,org‑unit‑name2"
O="organizational‑name"
L="locality"
ST="state‑or‑province"
C="2—digit—only country code"')}
[NBDATE(mm/dd/yy) NBTIME(hh:mm:ss)]
[NADATE(mm/dd/yy) NATIME(hh:mm:ss)]
[KEYSIZE(512|768|1024|2048))
[LABLCERT(label‑name)]
[ICSF|PCICC|DSA]
[SIGNWITH(acid,digicert)]
[KEYUSAGE(HANDSHAKE DATAENCRYPT DOCSIGN CERTSIGN)]
[ALTNAME('IP=numeric‑IP‑address
DOMAIN=internet‑domain‑name
EMAIL=email‑address
URI=universal‑resource‑identifier')]
Note: Include single quotes if specifying more than one value with KEYUSAGE. For example:
KEYUSAGE('HANDSHAKE DATAENCRYPT')
If DCDSN or SUBJECTN is not specified, the SUBJECTN defaults to the ACID's name field.
The three types of certificates that you can specify with GENCERT are:
Designates the certificate as a certificate‑authority certificate.
Designates the certificate as a site certificate.
Designates the user associated with the certificate.
The command function uses the keywords:
|
Copyright © 2009 CA Technologies.
All rights reserved.
|
|