z/OS Security Server RACF Security Administrator's Guide


Replacing certificate-authority certificates

SA23-2289-00

Applications can invoke the initACEE callable service (IRRSIA00) and pass a certificate-authority certificate, requesting replacement of a previously registered certificate-authority certificate. If the caller's user ID has at least CONTROL authority to the IRR.DIGTCERT.ADD resource and the previously registered certificate-authority certificate is eligible for replacement, the certificate will be replaced and the new certificate will be associated with the irrcerta user ID.

A previously registered certificate-authority certificate is eligible for replacement when:
  1. Its public key matches that of the input certificate-authority certificate.
  2. Its subject's distinguished name matches that of the input certificate-authority certificate.
  3. It has a private key.

If the caller has CONTROL authority to the IRR.DIGTCERT.ADD resource but the previously registered certificate-authority certificate is not eligible for replacement, it will not be replaced. The input certificate will be added as a user certificate and will be associated with the user ID of the caller. See Registering user certificates.
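
The following Python sketch is an added example, not IBM code. It models the replacement rule above so an administrator can see which eligibility condition caused an input certificate to be stored under the caller's user ID instead of irrcerta. The `Cert` record, the function names, the sample data and the exact-match comparison of keys and distinguished names are assumptions made for illustration.

```python
from dataclasses import dataclass

# RACF access levels in ascending order
LEVELS = ["NONE", "EXECUTE", "READ", "UPDATE", "CONTROL", "ALTER"]

@dataclass(frozen=True)
class Cert:  # hypothetical record for this sketch, not a RACF structure
    subject_dn: str
    public_key: bytes
    has_private_key: bool = False

def failed_conditions(registered, incoming):
    """List the eligibility conditions the registered CA certificate fails."""
    failed = []
    if registered.public_key != incoming.public_key:
        failed.append("public key differs")
    if registered.subject_dn != incoming.subject_dn:  # assumption: exact match
        failed.append("subject DN differs")
    if not registered.has_private_key:
        failed.append("registered certificate has no private key")
    return failed

def outcome(caller, access, registered, incoming):
    """Return (action, owning user ID, failed conditions)."""
    if LEVELS.index(access) < LEVELS.index("CONTROL"):
        # This section does not describe lower authority; the model does not guess.
        return ("not described in this section", None, [])
    failed = failed_conditions(registered, incoming)
    if not failed:
        return ("replace", "irrcerta", [])
    return ("add as user certificate", caller, failed)

# Constructed sample data (DNs, key bytes and the user ID WEBADM are made up).
DN = "CN=Example Root CA,O=Example,C=US"
REGISTERED = Cert(DN, b"key-A", has_private_key=True)
RENEWED = Cert(DN, b"key-A")   # same key and DN, e.g. new validity dates
REKEYED = Cert(DN, b"key-B")   # same DN, new key pair

if __name__ == "__main__":
    for name, cert in (("renewed", RENEWED), ("rekeyed", REKEYED)):
        print(name, outcome("WEBADM", "CONTROL", REGISTERED, cert))
```

In this model a rekeyed certificate-authority certificate is not a replacement: it is stored as a user certificate under the caller's user ID, which is the case worth checking for after a certificate-authority renewal.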


Copyright IBM Corporation 1990, 2014