Previous topic |
Next topic |
Contents |
Contact z/OS |
Library |
PDF
RACDCERT GENREQ (Generate request) z/OS Security Server RACF Command Language Reference SA23-2292-00 |
|||||||||||||||||||||||||||||||||||||||||
PurposeUse the RACDCERT GENREQ command to create a PKCS #10 Base64-encoded certificate request based on the specified certificate and write the request to a data set. The specified certificate must have a private key associated with it. Otherwise an informational message is issued and processing stops. The GENREQ syntax is RACDCERT GENREQ(LABEL('label-name')) DSN('output-data-set-name'), where label-name is the name of the certificate the request is based on. The generated request does not have a name. No key pair is generated during the GENREQ processing. It takes the subject's distinguished name, some of the extensions (indicated below) and the public key from the specified certificate and signed with the private key associated with the specified certificate to form the certificate request. GENREQ requires that the certificate have a private key associated with it. If no private key is associated with the certificate, an informational message is issued and processing stops. The certificate request
contains the subject's distinguished name and public key, and is signed
with the private key associated with the specified certificate. These are the extensions copied to the certificate
request if they are present in the specified certificate:
Typically, these requests are sent to a certificate authority; however, they can also be imported into and signed by RACF® using the GENCERT function with a request-data-set-name. See UTF-8 and BMP character restrictions for information about how UTF-8 and BMP characters in certificate names and labels are processed by RACDCERT functions. Issuing optionsThe following table identifies
the eligible options for issuing the RACDCERT GENREQ command:
Authorization requiredTo issue the RACDCERT GENREQ command, you must have the SPECIAL attribute or sufficient authority to the IRR.DIGTCERT.GENREQ resource in the FACILITY class for your intended purpose, as shown in Table 1. When your installation
controls access to ICSF services and the CSFSERV class is active,
additional access to CSFSERV resources might be required as follows:
For details about the CSFSERV resources, see z/OS Cryptographic Services ICSF Administrator's Guide.
Related commands
SyntaxFor the key to the symbols used in the command syntax diagrams, see Syntax of RACF commands and operands. The complete syntax of the RACDCERT GENREQ command is:
If you specify more than one RACDCERT function, only the last specified function is processed. Extraneous keywords that are not related to the function being performed are ignored. If you do not specify a RACDCERT function, LIST is the default function. For information on issuing this command as a RACF TSO command, refer to RACF TSO commands. Parameters
Examples
|
Copyright IBM Corporation 1990, 2014
|