Previous topic |
Next topic |
Contents |
Contact z/OS |
Library |
PDF
DIGTCERT profile names z/OS Security Server RACF Security Administrator's Guide SA23-2289-00 |
|
The name of a DIGTCERT profile is derived from the certificate's serial number and the issuer's distinguished name (IDN). Any character in either value that would not be valid in a RACF® profile name, such as a blank, is replaced with the ¢ character (X'4A'). The maximum length of a DIGTCERT profile name is 246 characters. The format of the profile name is based on the combined length of the certificate's serial number and the issuer's distinguished name (IDN), including the period. When the combined length of the value of serial-number.issuer's-distinguished-name is
246 characters or less, the name of the DIGTCERT profile uses the
following format:
Example: If the certificate's serial number is 41D87A3B05DE6FBD466C2069661E3872 and
the issuer's distinguished name is OU=VeriSign Class1.O=VeriSign.L=Internet,
the profile name of the DIGTCERT profile is as follows:
When the combined length of the value of serial-number.issuer's-distinguished-name exceeds
246 characters, the name of the DIGTCERT profile uses the following
format, where the certificate-hash value is a hexadecimal
representation of the certificate in a hashed form:
Example: If the certificate's serial number is 0E and the issuer's distinguished name is as follows, the resulting profile name is as shown: Issuer's distinguished name:
DIGTCERT profile name:
When a DIGTCERT profile name contains a certificate hash value, each occurrence of the equal sign (=) delimiter is replaced with a colon (:). |
Copyright IBM Corporation 1990, 2014
|