This service encases the public half of a public/private key PKDS
record in an X.509 digital certificate so that it can be sent to
another party. The other party can then send you data enciphered
under the public key, which you can recover using the same PKDS
record.
- The certificate created will be stored in an MVS physical sequential
  data set.
  - The output data set will be created by the service with RECFM(VB).
  - You must supply the data set name where the certificate is to
    be stored.
  - The data set should not exist prior to export.
  - If the data set exists prior to export, its contents will be destroyed
    and the data set reallocated new.
  - The data set cannot be a PDS or PDS member.
- You may specify a value for the subject's common name in the certificate,
  if desired.
  - If no value is specified, the PKDS record's label will be used
    as the common name.
- Callable services:
  - CSNDKRR - reads the record from the PKDS
  - CSNDPKX - extracts just the public key from the record
  - CSNBOWH - hashes the to-be-signed portion of the generated certificate
  - CSNDDSG - signs the hash
Note:
- The key record specified must be a public/private key pair
  record and must support signing.
- The certificate's validity date range is hard coded to be July
  1, 2005 - December 31, 2040 UTC.
- The certificate created will be self-signed and DER encoded (binary).
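
Because the certificate is self-signed, the receiving party has no issuer chain to validate and should compare a fingerprint out of band. The following added example (not IBM code, and not part of this service) parses the DER file and reports the common name, whether issuer and subject match, the validity dates, and a SHA-256 fingerprint. The names `inspect_cert` and `sample_cert`, the label `EXAMPLE.PKDS.LABEL`, and the version, algorithm identifier, times of day, key and signature bytes in the sample are constructed assumptions.

```python
import hashlib
from datetime import date

CN_OID = bytes.fromhex("550403")  # id-at-commonName (2.5.4.3)

def tlv(tag, body):  # DER encoder, used only to build the constructed sample
    n = len(body)
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag]) + (bytes([n]) if n < 0x80 else bytes([0x80 | len(size)]) + size) + body

def items(buf):
    """Split DER into sibling (tag, value, raw_tlv) tuples; ValueError if a length overruns."""
    out, pos = [], 0
    while pos < len(buf):
        start, tag, n, pos = pos, buf[pos], buf[pos + 1], pos + 2
        if n & 0x80:  # long form: low 7 bits count the length bytes that follow
            n, pos = int.from_bytes(buf[pos:pos + (n & 0x7F)], "big"), pos + (n & 0x7F)
        if pos + n > len(buf):
            raise ValueError("truncated DER element")
        out.append((tag, buf[pos:pos + n], buf[start:pos + n]))
        pos += n
    return out

def cert_date(tag, val):  # UTCTime (0x17) has a 2-digit year; RFC 5280 pivots at 50
    s = val.decode("ascii")
    s = (("19" if s[:2] >= "50" else "20") if tag == 0x17 else "") + s
    return date(int(s[:4]), int(s[4:6]), int(s[6:8]))

def inspect_cert(der):
    """Fields a recipient checks; the signature itself is NOT verified here."""
    top = items(der)
    if len(top) != 1 or top[0][0] != 0x30:
        raise ValueError("expected a single DER SEQUENCE")
    tbs = items(items(top[0][1])[0][1])
    tbs = tbs[1:] if tbs[0][0] == 0xA0 else tbs  # skip optional [0] version
    issuer, validity, subject = tbs[2], tbs[3], tbs[4]
    not_before, not_after = (cert_date(t, v) for t, v, _ in items(validity[1]))
    cn = next(av[1][1] for rdn in items(subject[1]) for atv in items(rdn[1])
              for av in [items(atv[1])] if av[0][1] == CN_OID)
    return {"cn": cn.decode("ascii"), "self_issued": issuer[2] == subject[2],
            "not_before": not_before, "not_after": not_after,
            "sha256": hashlib.sha256(der).hexdigest()}

def sample_cert(label=b"EXAMPLE.PKDS.LABEL"):  # constructed; key and signature are placeholders
    name = tlv(0x30, tlv(0x31, tlv(0x30, tlv(0x06, CN_OID) + tlv(0x13, label))))
    alg = tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d01010b")) + tlv(0x05, b""))
    validity = tlv(0x30, tlv(0x17, b"050701000000Z") + tlv(0x17, b"401231235959Z"))
    tbs = tlv(0x02, b"\x01") + alg + name + validity + name + tlv(0x30, alg + tlv(0x03, bytes(17)))
    return tlv(0x30, tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tbs) + alg + tlv(0x03, bytes(33)))
```

A matching issuer and subject only shows the certificate is self-issued; confirming the signature requires a cryptographic library, and trust in the key still rests on the out-of-band fingerprint comparison.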