RACDCERT REMOVE (Remove certificate from key ring)
Purpose
Use the RACDCERT REMOVE command to remove a digital certificate from a key ring.
See UTF-8 and BMP character restrictions for information about how UTF-8 and BMP characters in certificate names and labels are processed by RACDCERT functions.
Issuing options
As a RACF® TSO command? | As a RACF operator command? | With command direction? | With automatic command direction? | From the RACF parameter library? |
---|---|---|---|---|
Yes | No | No. (See rules.) | No. (See rules.) | No |
- The RACDCERT command cannot be directed to a remote system using the AT or ONLYAT keyword.
- The updates made to the RACF database by RACDCERT are eligible for propagation with automatic direction of application updates based on the RRSFDATA profiles AUTODIRECT.target-node.DIGTCERT.APPL and AUTODIRECT.target-node.DIGTRING.APPL, where target-node is the remote node to which the update is to be propagated.
Authorization required
The SPECIAL attribute, or
Sufficient authority to the IRR.DIGTCERT.REMOVE resource in the FACILITY class, as shown in Table 1, or
Sufficient authority to the appropriate resources in the RDATALIB class, as shown in Table 2, if Granular Authority Checking has been enabled by defining the IRR.RACDCERT.GRANULAR resource in the RDATALIB class.
Access level | Purpose |
---|---|
READ | Remove a certificate from your own key ring. |
UPDATE | Remove a SITE or CERTAUTH certificate from your own key ring. |
CONTROL | Remove a certificate from another user's key ring. |
![Start of change](./delta.gif)
READ access to the resource based on cert owner and cert label, ring owner and ring name * | Purpose |
---|---|
IRR.DIGTCERT.<cert owner>.<cert label>.LST.REMOVE |
Remove a certificate with a specified <cert label> owned by <cert owner> from a key ring with specified <ring name> owned by <ring owner> |
![End of change](./deltaend.gif)
Activating your changes
If the DIGTCERT or DIGTRING class is RACLISTed, refresh the classes to activate your changes.
SETROPTS RACLIST(DIGTCERT, DIGTRING) REFRESH
Related commands
- To connect a certificate to a key ring, see RACDCERT CONNECT.
- To list a key ring, see RACDCERT LISTRING.
Syntax
For the key to the symbols used in the command syntax diagrams, see Syntax of RACF commands and operands. The complete syntax of the RACDCERT REMOVE command is:
RACDCERT REMOVE([ ID(certificate-owner) | SITE | CERTAUTH ] |
|
If you specify more than one RACDCERT function, only the last specified function is processed. Extraneous keywords that are not related to the function being performed are ignored.
If you do not specify a RACDCERT function, LIST is the default function.
For information on issuing this command as a RACF TSO command, refer to RACF TSO commands.
Parameters
- REMOVE(ID(certificate-owner) LABEL('label-name') RING(ring-name))
- REMOVE(SITE LABEL('label-name') RING(ring-name))
- REMOVE(CERTAUTH LABEL('label-name') RING(ring-name))
- Specifies
the digital certificate to be removed from the key ring.
ID(certificate-owner) indicates that the certificate being removed is a user certificate, and certificate-owner is the user ID associated with this certificate. SITE indicates that the certificate being removed is a site certificate, and CERTAUTH indicates that it is a certificate authority certificate. If ID, SITE or CERTAUTH are not specified, ID(certificate-owner) defaults to the key ring owner as specified or defaulted by the ID(ring-owner) keyword.
- LABEL('label-name')
- Identifies the certificate that is being removed from the key ring. You must specify a label.
- RING(ring-name)
- Identifies the key ring from which this certificate is being removed. You must specify a ring name. Note: The key ring belongs to the ID specified or defaulted by the ID(ring-owner) keyword.
- ID(ring-owner)
- Specifies the user ID of the key ring owner. (Only a user ID can have a key ring.) If not specified, the key ring owner defaults to the command issuer's user ID.
Examples
Example | Activity label | Description |
---|---|---|
1 | Operation | User RACFADM wants to remove a SITE certificate with the label Shared Server from the RING01 key ring of server INVSERV. |
Known | User RACFADM has SPECIAL authority. | |
Command |
|
|
Output | None. |