Running CCRL from a terminal

You can run the CICS®-supplied transaction CCRL using a terminal to download certificate revocation lists (CRLs).

Before you begin

Read Running the CCRL transaction to find out about the prerequisites before running this transaction from a terminal.

Procedure

  1. From a terminal, enter the command CEOT TRANIDONLY so that you can enter the list of URLs in mixed case.
  2. Enter CCRL url-list, where url-list is the URL that specifies the location of the certificate revocation list file that you want to download. You can specify more than one URL by leaving a space between each URL in the list.
    For example, you could specify: CCRL http://crl.verisign.com/ATTClass1Individual.crl http://crl.verisign.com/ATTClass2Individual.crl.
  3. You are prompted to enter the administrator distinguished name and password for the LDAP server. This allows CICS to update the LDAP server with the CRLs that it downloads.
    The administrator name and password are specified in the file slapd.conf. For more information about configuring this file, see Configuring an LDAP server for CRLs

Results

CICS downloads the CRLs from the URLs that you have specified and store them in the LDAP server. You will receive confirmation that all of the lists were downloaded. If CICS experiences a problem, for example the URL is not valid, you will receive an error message.

What to do next

To set up regular updates, you can use a START command. See Running CCRL from a START command.