Previous topic |
Next topic |
Contents |
Contact z/OS |
Library |
PDF
Using an existing certificate as a model z/OS Security Server RACF Security Administrator's Guide SA23-2289-00 |
|
An existing digital certificate can be used as a model for a certificate name filter, if it is available in a cataloged data set. Using the RACDCERT MAP command with the MAP(data-set-name) option, a stored certificate can be used to model the subject's name filter, the issuer's name filter, or both. The subject's distinguished name in the certificate is used beginning with the value specified with the SDNFILTER. The issuer's distinguished name in the certificate is used beginning with the value specified with the IDNFILTER. For example, let's assume that Ines Soto's certificate is available in data set 'CERTADM.SOTO', and that it contains the following subject's and issuer's names:
The RACDCERT MAP commands shown in Figure 1 can
be used to create certificate name filters using Ines Soto's certificate
as a model. Note that only the starting point for each filter needs
to be specified to indicate where the filter name should begin.
Figure 1. Sample
RACDCERT MAP commands using a model certificate
The RACDCERT MAP commands in Figure 2 can be used
to create the same certificate name filters as those created by the
RACDCERT MAP commands in Figure 1. Note that the RACDCERT
commands in Figure 1 using the model certificate are
shorter and might minimize typographic errors when defining long filter
names.
Figure 2. Sample RACDCERT MAP commands not using a model
certificate
|
Copyright IBM Corporation 1990, 2014
|