Keywords › BIND Keyword—Bind a Certificate to a PKCS#11 Token › BIND Authorities
BIND Authorities
The administrator must have:
- MISC4(CERTSITE) authority when the certificate is from the CERTSITE acid
- MISC4(CERTAUTH) authority when the certificate is from the CERTAUTH acid
- MISC4(PERSONAL) authority for all other certificates
Controlled by ICSF using resources in the CRYPTOZ and IBMFAC resource classes.
To bind a certificate to a PKCS#11 token for KEYUSAGE personal use, the authority required is:
- For one's own certificate—Sufficient authority to CRYPTOZ resources and READ authority to IRR.DIGTCERT.BIND
- For someone else's certificate—Sufficient authority to CRYPTOZ resources and UPDATE authority to IRR.DIGTCERT.BIND
- For CERTSITE or CERTAUTH certificate—Sufficient authority to CRYPTOZ resources and CONTROL authority to IRR.DIGTCERT.BIND
To bind a certificate to a PKCS#11 token for KEYUSAGE CERTSITE or CERTAUTH use the authority required:
- For one's own certificate is sufficient authority to CRYPTOZ resources, CONTROL authority to IRR.DIGTCERT.ADD and READ authority to IRR.DIGTCERT.BIND
- For someone else's certificate is sufficient authority to CRYPTOZ resources, CONTROL authority to IRR.DIGTCERT.ADD and UPDATE authority to IRR.DIGTCERT.BIND
- For CERTSITE or CERTAUTH certificate is sufficient authority to CRYPTOZ resources and UPDATE authority
Copyright © 2009 CA.
All rights reserved.
|
|